AC软件版本:V200R021C00SPC100
管理Vlan:Vlan97
业务Vlan:150,160等
最终配置
<AirEgine9700S>dis cu
Software Version V200R021C00SPC100
#
sysname AirEgine9700S
#
http timeout 60
http secure-server ssl-policy default_policy
http secure-server server-source -i all
http server enable
#
set np rss hash-mode 5-tuple
#
mdns permit service-type _airplay._tcp.local id 0
mdns permit service-type _raop._tcp.local id 1
mdns permit service-type _printer._tcp.local id 2
mdns permit service-type _ipp._tcp.local id 3
mdns permit service-type _universal._sub._ipp._tcp.local id 4
mdns permit service-type _cups._sub._ipp._tcp.local id 5
#
kpi disable
#
vlan batch 8 10 to 14 20 97 to 100 110 120 130 140 150 160
#
stp enable
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name macportal_authen_profile
authentication-profile name portal_authen_profile
#
dns resolve
dns proxy enable
#
dhcp enable
#
diffserv domain default
vlan 150
description WIFI_Office
vlan 160
description WIFI_Device
#
radius-server template default
#
pki realm default
certificate-check none
#
ssl policy default_policy type server
pki-realm default
version tls1.2
ciphersuite ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
ike proposal default
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
domain default
authentication-scheme default
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user admin password irreversible-cipher $1a$70hU8lq&U8$^\lQClf^PH70e]Ai/T#=JH/B.o>_2@:TIc*5
local-user admin privilege level 15
local-user admin service-type telnet ssh http
#
interface Vlanif1
ip address dhcp-alloc unicast
#
interface Vlanif97
description Huawei_AP_Management
ip address 192.168.97.1 255.255.255.0
dhcp select interface
#
interface Vlanif99
ip address 192.168.99.14 255.255.255.0
#
interface Ethernet0/0/47
ip address 169.254.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
port link-type access
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
ftp server-source -i Vlanif1
#
info-center timestamp log date precision-time millisecond
info-center timestamp trap date precision-time millisecond
#
undo icmp name timestamp-request receive
#
undo snmp-agent
#
ssh server-source -i Vlanif1
stelnet server enable
undo telnet ipv6 server enable
telnet server-source -i all
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
#
ip route-static 0.0.0.0 0.0.0.0 192.168.99.2
#
capwap source interface vlanif97
capwap dtls psk %^%#]lL\@l`~V01y4k&yGds;u
capwap dtls inter-controller psk %^%#y#it7qr4lEBfmj"64wf*-0)wAI
#
user-interface con 0
authentication-mode password
set authentication password irreversible-cipher $1b$yLn\E><a[($jmB=GQiO%9f'$@LX9bi.qIv*'D"S|U,deHK{7j:K$
idle-timeout 120 0
user-interface vty 0 4
authentication-mode aaa
idle-timeout 120 0
protocol inbound all
user-interface vty 16 20
authentication-mode aaa
protocol inbound ssh
#
wmi-server
#
wmi-server2
#
wlan
temporary-management psk %^%#9%#HB6rgA1g8A,'LjmwC|EJ`LC'Il3MgbJ
ap username admin password cipher %^%#He1C-To#\%zv]kVML<e9gqfB#)=G#Pfg(
traffic-profile name default
security-profile name CEST
security wpa-wpa2 psk pass-phrase %^%#*w)%"FGyd1+**xFybfE9gs/*"<}.I%^%# aes
security-profile name Admin
security wpa-wpa2 psk pass-phrase %^%#6to$7l'm9U6wp,ITj9F3_Nx!<km,h+"ZiA$%^%# aes
security-profile name Device
security wpa-wpa2 psk pass-phrase %^%#8:1y5eC72-K-~PP5fmi;lEE/Sb-sV70nB}`:h7%^%# aes
security-profile name Mobile
security wpa-wpa2 psk pass-phrase %^%#+7!1S3bB`Nt[];3vn*>;}w)0{ONd.C)|jv9HQ%^%# aes
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name CEST
ssid CEST
ssid-profile name Admin
ssid Admin
ssid-profile name Device
ssid Device
ssid-profile name Mobile
ssid Mobile
ssid-profile name default
vap-profile name CEST
service-vlan vlan-id 20
ssid-profile CEST
security-profile CEST
vap-profile name Admin
service-vlan vlan-id 10
ssid-profile Admin
security-profile Admin
vap-profile name Device
service-vlan vlan-id 160
ssid-profile Device
security-profile Device
vap-profile name Mobile
service-vlan vlan-id 150
ssid-profile Mobile
security-profile Mobile
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-whitelist-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile Device wlan 1
vap-profile Mobile wlan 2
vap-profile Admin wlan 3
vap-profile CEST wlan 4
radio 1
vap-profile Device wlan 1
vap-profile Mobile wlan 2
vap-profile Admin wlan 3
vap-profile CEST wlan 4
ap-id 0 type-id 79 ap-mac a47c-c940-6140 ap-sn 21500831133GMB000229
ap-name area_0
ap-group ap-group1
ap-id 1 type-id 79 ap-mac a47c-c940-7da0 ap-sn 21500831133GMB000023
ap-name area_1
ap-group ap-group1
ap-id 2 type-id 79 ap-mac a47c-c940-8ce0 ap-sn 21500831133GMB000126
ap-name area_2
ap-group ap-group1
ap-id 3 type-id 79 ap-mac a47c-c940-7d20 ap-sn 21500831133GMB000019
ap-name area_3
ap-group ap-group1
ap-id 4 type-id 79 ap-mac a47c-c940-9300 ap-sn 21500831133GMB000166
ap-name area_4
ap-group ap-group1
ap-id 5 type-id 79 ap-mac a47c-c940-8a40 ap-sn 21500831133GMB000147
ap-name area_5
ap-group ap-group1
ap-id 6 type-id 79 ap-mac a47c-c940-8300 ap-sn 21500831133GMB000066
ap-name area_6
ap-group ap-group1
ap-id 7 type-id 79 ap-mac a47c-c940-90e0 ap-sn 21500831133GMB000189
ap-name area_7
ap-group ap-group1
ap-id 8 type-id 79 ap-mac a47c-c940-8a20 ap-sn 21500831133GMB000145
ap-name area_8
ap-group ap-group1
ap-id 9 type-id 79 ap-mac a47c-c940-8520 ap-sn 21500831133GMB000083
ap-name area_9
ap-group ap-group1
provision-ap
#
device-profile profile-name @default_device_profile
device-type default_type_phone
enable
rule 0 user-agent sub-match Android
rule 1 user-agent sub-match iPhone
rule 2 user-agent sub-match iPad
if-match rule 0 or rule 1 or rule 2
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
undo ntp-service enable
ntp-service server server-source -i Vlanif1
#
return
<AirEgine9700S>
<AirEgine9700S>
<AirEgine9700S>dis int bri
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
Ethernet0/0/47 up up 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
GigabitEthernet0/0/3 down down 0% 0% 0 0
GigabitEthernet0/0/4 down down 0% 0% 0 0
GigabitEthernet0/0/5 down down 0% 0% 0 0
GigabitEthernet0/0/6 down down 0% 0% 0 0
GigabitEthernet0/0/7 down down 0% 0% 0 0
GigabitEthernet0/0/8 down down 0% 0% 0 0
GigabitEthernet0/0/9 up up 0.03% 0.01% 0 0
GigabitEthernet0/0/10 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Vlanif1 up down -- -- 0 0
Vlanif97 up up -- -- 0 0
Vlanif99 up up -- -- 0 0
XGigabitEthernet0/0/1 down down 0% 0% 0 0
XGigabitEthernet0/0/2 down down 0% 0% 0 0
<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ip rou
<GA-AirEgine9700S>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 192.168.99.2 Vlanif99
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
169.254.3.0/24 Direct 0 0 D 169.254.3.1 Ethernet0/0/47
169.254.3.1/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/47
169.254.3.255/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/47
192.168.97.0/24 Direct 0 0 D 192.168.97.1 Vlanif97
192.168.97.1/32 Direct 0 0 D 127.0.0.1 Vlanif97
192.168.97.255/32 Direct 0 0 D 127.0.0.1 Vlanif97
192.168.99.0/24 Direct 0 0 D 192.168.99.198 Vlanif99
192.168.99.14/32 Direct 0 0 D 127.0.0.1 Vlanif99
192.168.99.255/32 Direct 0 0 D 127.0.0.1 Vlanif99
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ap all
Total AP information:
fault : fault [9]
nor : normal [1]
ExtraInfo : Extra information
--------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
--------------------------------------------------------------------------------------------------------
0 a47c-c940-6140 area_0 ap-group1 192.168.97.239 AP4051DN-S nor 4 3H:57M:17S -
1 a47c-c940-7da0 area_1 ap-group1 - AP4051DN-S fault 0 - -
2 a47c-c940-8ce0 area_2 ap-group1 - AP4051DN-S fault 0 - -
3 a47c-c940-7d20 area_3 ap-group1 - AP4051DN-S fault 0 - -
4 a47c-c940-9300 area_4 ap-group1 - AP4051DN-S fault 0 - -
5 a47c-c940-8a40 area_5 ap-group1 - AP4051DN-S fault 0 - -
6 a47c-c940-8300 area_6 ap-group1 - AP4051DN-S fault 0 - -
7 a47c-c940-90e0 area_7 ap-group1 - AP4051DN-S fault 0 - -
8 a47c-c940-8a20 area_8 ap-group1 - AP4051DN-S fault 0 - -
9 a47c-c940-8520 area_9 ap-group1 - AP4051DN-S fault 0 - -
--------------------------------------------------------------------------------------------------------
Total: 10
<GA-AirEgine9700S>
配置脚本参考
在AC6005上运行
dhcp enable
vlan batch 8 50 97
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 97
port trunk allow-pass vlan 2 to 4094
interface Vlanif97
description Huawei_AP_Management
ip address 192.168.97.1 255.255.255.0
dhcp select interface
interface Vlanif8
ip address 192.168.8.222 255.255.255.0
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 8
ip route-static 0.0.0.0 0.0.0.0 192.168.8.1
dis ip pool
capwap source interface vlanif97
wlan
security-profile name LDS
security wpa-wpa2 psk pass-phrase qq47198093 aes
ssid-profile name LDS
ssid LDS
ssid-profile name LDS2_4
ssid LDS2_4
ssid-profile name LDS_5G
ssid LDS_5G
vap-profile name LDS
service-vlan vlan-id 50
ssid-profile LDS
security-profile LDS
vap-profile name LDS2_4
service-vlan vlan-id 50
ssid-profile LDS2_4
security-profile LDS
vap-profile name LDS_5G
service-vlan vlan-id 50
ssid-profile LDS_5G
security-profile LDS
ap-group name ap-group1
radio 0
vap-profile LDS wlan 1
vap-profile LDS2_4 wlan 2
radio 1
vap-profile LDS wlan 1
vap-profile LDS_5G wlan 3
ap-id 0 ap-mac 3c9d-56e2-fdc0
ap-name area_0
y
ap-group ap-group1
6694
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
