管理VLAN 100
192.168.100.1/24
AP VLAN 110 (PVID)
192.168.110.1/29
STA VLAN 200
192.168.200.1/24
R1(ISP):
<ISP>dis cur
[V200R003C00]
#
sysname ISP
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 100.100.100.100 255.255.255.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
Return
R2:
<AR2>dis cur
[V200R003C00]
#
sysname AR2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.252
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
ip route-static 192.168.0.0 255.255.0.0 192.168.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
Return
<SW1>dis cur (三层交换机)
#
sysname SW1
#
undo info-center enable
#
vlan batch 2 100 110 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
dhcp enable
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif2
ip address 192.168.1.2 255.255.255.252
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
dhcp select interface
#
interface Vlanif110
ip address 192.168.110.1 255.255.255.0
dhcp select interface
dhcp server option 43 sub-option 2 ip-address 192.168.100.2
#
interface Vlanif200
ip address 192.168.200.1 255.255.255.0
dhcp select interface
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 110 200
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
user-interface con 0
user-interface vty 0 4
#
return
<SW2>dis cur (二层交换机)
#
sysname SW2
#
undo info-center enable
#
vlan batch 100 110 200
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
port link-type trunk
port trunk pvid vlan 110
port trunk allow-pass vlan 100 110 200
#
interface GigabitEthernet0/0/1
description 2_AP_vlan110
port link-type trunk
port trunk pvid vlan 110
port trunk allow-pass vlan 100 110 200
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 110 200
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
Return
AC WLAN控制器
<AC6605>dis cur
#
set memory-usage threshold 0
#
ssl renegotiation-rate 1
#
vlan batch 100
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
diffserv domain default
#
radius-server template default
#
pki realm default
rsa local-key-pair default
enrollment self-signed
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius
radius-server default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$[Ycc/C-{sW$j|jSQ!gy3@Tq`F#Ho/
lW2'eVR!#u[.uk&P/cMDcQ$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
#
interface MEth0/0/1
undo negotiation auto
duplex half
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface NULL0
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
#
capwap source ip-address 192.168.100.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name TTCCEE
security wpa-wpa2 psk pass-phrase %^%#O4;AEE-;5%gEp#)&<t|2t5QdGc1C[GIM<aFc_rl~
%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name TTCCEE
ssid TTCCEE
ssid-profile name default
vap-profile name TTCCEE
service-vlan vlan-id 200
ssid-profile TTCCEE
security-profile TTCCEE
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name TTCCEE
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name gourp1
ap-group name group1
regulatory-domain-profile TTCCEE
radio 0
vap-profile TTCCEE wlan 1
radio 1
vap-profile TTCCEE wlan 1
radio 2
vap-profile TTCCEE wlan 1
ap-group name default
ap-id 0 type-id 69 ap-mac 00e0-fc95-65d0 ap-sn 210235448310E037306C
ap-group group1
ap-id 1 type-id 69 ap-mac 00e0-fca8-78b0 ap-sn 2102354483107C0A6E5F
ap-group group1
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
return