<AC6605>system-view
[AC6605] user-interface console 0
[AC6605-ui-console0] user privilege level 15
配置Console用户界面的用户验证方式为密码验证
[AC6605-ui-console0] authentication-mode password
[AC6605-ui-console0] set authentication password cipher
Info: A plain text password is a string of 8 to 128 case-sensitive
characters and must be a combination of at least two of the follow
ing: uppercase letters A to Z, lowercase letters a to z, digits, and
special characters (including spaces and the following :`~!@#$%
^&*()-_=+|[{}];:'",<.>/?). A cipher text password contains 56 or 68
characters.
Current Password: int
New Password:
Confirm New Password:
[AC6605-ui-console0] quit
[AC6605]quit
clock timezone BJ add 12:00:00
<AC6605> clock datetime 12:10:0 2017-07-26# 设置设备名称和管理IP地址
。本例将设备接口GE0/0/1加入VLAN 1,使用VLANIF 1作为设备的管理网口,这
里用vlan10。
说明:
AC6605可以直接使用MEth接口作为设备的管理网口。
<AC6605> system-view
[AC6605] sysname AC
[AC] vlan 10us
[AC-vlan1] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC-GigabitEthernet0/0/1] port trunk pvid vlan 10
[AC-GigabitEthernet0/0/1] quit
[AC] interface vlanif 10
[AC-Vlanif1] ip address 192.168.0.1 255.255.255.0
[AC-Vlanif1] quit# 设置Telnet用户的级别和认证方式
[AC] telnet server enable
[AC] user-interface vty 0 4
[AC-ui-vty0-4] user privilege level 15
[AC-ui-vty0-4] authentication-mode aaa
[AC-ui-vty0-4] quit
[AC] aaa
[AC-aaa] local-user huawei password irreversible-cipher admin@huawei
[AC-aaa] local-user huawei privilege level 15
[AC-aaa] local-user huawei service-type telnet
[AC-aaa] quit
[AC] acl 2000
[AC-acl-basic-2000] rule deny source 10.1.1.1 0
[AC-acl-basic-2000] rule permit source any
[AC-acl-basic-2000] quit
[AC] user-interface vty 0 7
[AC-ui-vty0-7] acl 2000 inbound
配置VTY用户界面的终端属性
[AC-ui-vty0-7] shell
[AC-ui-vty0-7] idle-timeout 30
[AC-ui-vty0-7] screen-length 30
[AC-ui-vty0-7] history-command max-size 20
配置VTY用户界面的用户优先级
[AC-ui-vty0-7] user privilege level 2
配置VTY用户界面的用户验证方式为密码验证
[AC-ui-vty0-7] authentication-mode password
[AC-ui-vty0-7] set authentication password cipher
Info: A plain text password is a string of 8 to 128 case-sensitive
characters and must be a combination of at least two of the follow
ing: uppercase letters A to Z, lowercase letters a to z, digits, and
special characters (including spaces and the following :`~!@#$%
^&*()-_=+|[{}];:'",<.>/?). A cipher text password contains 56 or 68
characters.
Current Password:
New Password:
Confirm New Password:
[AC-ui-vty0-7] quit
配置自协商速率
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] negotiation auto
[AC-GigabitEthernet0/0/1] quit# 配置GE0/0/2的自协商。
[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] negotiation auto
[AC-GigabitEthernet0/0/2] quit# 配置GE0/0/3的自协商。
[AC] interface gigabitethernet 0/0/3
[AC-GigabitEthernet0/0/3] negotiation auto
[AC-GigabitEthernet0/0/3] quit
配置自协商速率
配置GE0/0/1的自协商速率为10Mbit/s。
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] auto speed 10
[AC-GigabitEthernet0/0/1] q15uit# 配置GE0/0/2的自协商速率为10Mbit/s
。
[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] auto speed 10
[AC-GigabitEthernet0/0/2] quit# 配置GE0/0/3的自协商速率为10Mbit/s。
[AC] interface gigabitethernet 0/0/3
[AC-GigabitEthernet0/0/3] auto speed 10
[AC-GigabitEthernet0/0/3] quit
配置端口隔离功能————需要隔离个别接口,可以使用此功能
interface gigabitethernet 0/0/4
[AC-GigabitEthernet0/0/4] port-isolate enable
[AC-GigabitEthernet0/0/4] quit
[AC] interface gigabitethernet 0/0/5
[AC-GigabitEthernet0/0/5] port-isolate enable
[AC-GigabitEthernet0/0/5] quit
注意:保持两边的协商模式一致,要么都工作在自协商模式下,要么都工作在
非自协商模式下。display interface显示信息是“ENABLE”表示接口工作在
自协商状态下;显示信息是“DISABLE”表示接口工作在非自协商状态下。
创建AP组——6005默认ap组名default,用dis ap all查看
所有AP组缺省已引用了名为default的AP系统模板、2G射频模板、5G射频模板
、域管理模板、WIDS模板和AP有线口模板。
[AC]ip pool toy
Info: It's successful to create an IP address pool.
注意:如果使用独立的DHCP服务器为AP分配IP地址,必须配置option 43字段
,否则AP无法发现AC,最终AP无法在AC上线,具体配置方法参见对应设备的配
置手册。
[AC]ip pool toy
[AC-ip-pool-toy]gateway-list 192.168.0.1
[AC-ip-pool-toy]network 192.168.0.1 mask 24
[AC-ip-pool-toy]dns-list 192.168.0.20
[AC-ip-pool-toy]domain-name huawei
直接连接AP的网络设备端口,必须配置PVID为管理VLAN。
配置完了,我们看一下配置:
查看当前配置:
[toys]dis current-configuration
#
sysname toys
#
snmp-agent local-engineid 800007DB03000000000000
undo snmp-agent community complexity-check disable
snmp-agent
#
http timeout 3
#
vlan batch 100 102
#
wlan ac-global carrier id other ac id 1
#
dhcp enable
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@bo]Dnyrm1\x`qC3g=d;3Uw}%@%@
local-user admin service-type http
local-user huawei password cipher %@%@>eN0<<tjh:VqKG1uK,05,Um%@%@
local-user huawei service-type telnet
#
interface Vlanif100
ip address 192.168.10.10 255.255.255.0
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 102
port trunk allow-pass vlan 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 102
port trunk allow-pass vlan 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface Wlan-Ess0
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
interface NULL0
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@Ox-rTh0|e>--yD91Sk8G,.7}
$1yE&5bV_T{CV)#+~[S
%@%@ encryption-method ccmp
service-set name huawei-10 id 0
service-set name huawei-1 id 1
forward-mode tunnel
wlan-ess 0
ssid toy
traffic-profile id 0
security-profile id 0
radio-profile name huawei-ap10 id 0
ap 1 radio 0
work-mode monitor
device detect enable
countermeasures enable
countermeasures mode rogue ap spoof-ssid
ssid-whitelist ssid toy
#
return
转载于:https://blog.51cto.com/tudoubowen10/2072625
6322
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
