URL
iMC
https://172.20.65.146:8080/imc
Sangfor AC
Sangfor firewall
Device name | Management address | Account | Password |
SZPDC-CORE | 172.20.154.13 | | |
SZPDC-core1 | 192.168.220.254 | aaa | 123456 |
AC | 192.168.220.1 | admin | admin |
AC | 192.168.220.2 | admin | admin |
ACCESS-1 | 192.168.220.3 | admin | admin |
ACCESS-2 | 192.168.220.4 | admin | admin |
IRF stacking
SZPDC-CORE-1
system-view
irf member 1 pri 20
interface range ten-gigabitethernet 1/0/47 to ten-gigabitethernet 1/0/48
shutdown
quit
irf-port 1/2
port group interface ten-gigabitethernet 1/0/48
quit
interface range Ten-gigabitethernet 1/0/47 to Ten-gigabitethernet 1/0/48
undo shutdown
quit
interface bridge-aggregation 3
quit
interface bridge-aggregation 1
link-aggregation mode dynamic
port link-type trunk
port trunk permit vlan all
quit
interface bridge-aggregation 2
link-aggregation mode dynamic
port link-type trunk
port trunk permit vlan all
quit
interface ten-gigabitethernet 1/0/1
port link-aggregation group 1
port link-type trunk
port trunk permit vlan all
quit
interface ten-gigabitethernet 1/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin
password simple admin
service-type telnet ssh
authorization-attribute user-role network-admin
undo authorization-attribute user-role network-operator
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
save f
sys
irf-port-configuration active
SZPDC-CORE-2
system-view
irf member 2 pri 10
interface range ten-gigabitethernet 2/0/47 to ten-gigabitethernet 2/0/48
shutdown
quit
irf-port 2/1
port group interface ten-gigabitethernet 2/0/48
quit
interface range Ten-gigabitethernet 2/0/47 to Ten-gigabitethernet 2/0/48
undo shutdown
quit
interface bridge-aggregation 3
quit
interface bridge-aggregation 1
link-aggregation mode dynamic
port link-type trunk
port trunk permit vlan all
quit
interface bridge-aggregation 2
link-aggregation mode dynamic
port link-type trunk
port trunk permit vlan all
quit
interface ten-gigabitethernet 2/0/1
port link-aggregation group 1
port link-type trunk
port trunk permit vlan all
quit
interface ten-gigabitethernet 2/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin
password simple admin
service-type telnet ssh
authorization-attribute user-role network-admin
undo authorization-attribute user-role network-operator
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
save f
sys
irf-port-configuration active
DHCP
SZPDC-CORE
vlan 2003
description xhm-bfd
vlan 2006
description xhm-access-1
vlan 2008
description xhm-access-2
vlan 2010
description xhm-ap-manage
vlan 2012
description xhm-psk-mac-test
vlan 2016
description xhm-portal-test
vlan 2020
description xhm-manage-vlan
dhcp server ip-pool xhm-2006
gateway-list 192.168.207.254
network 192.168.206.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2
dhcp server ip-pool xhm-2008
gateway-list 192.168.209.254
network 192.168.208.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2
interface Vlan-interface 2006
ip address 192.168.207.254 255.255.254.0
dhcp server apply ip-pool xhm-2006
interface Vlan-interface 2008
ip address 192.168.209.254 255.255.254.0
dhcp server apply ip-pool xhm-2008
interface Vlan-interface 2012
ip address 192.168.215.254 255.255.252.0
dhcp server apply ip-pool ap-psk-mac
interface Vlan-interface 2016
ip address 192.168.219.254 255.255.252.0
dhcp server apply ip-pool ap-portal
int vlan 2020
ip address 192.168.220.254 255.255.255.0
ACCESS-1
sys
vlan 2000 to 2020
interface Vlan-interface 2020
ip address 192.168.220.3 24
quit
interface bridge-aggregation 1
port link-type trunk
port trunk permit vlan all
quit
int ethernet 1/0/1
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
quit
int ethernet 1/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
quit
local-user admin
password cipher admin
service-type telnet ssh
authorization-attribute user-level 3
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
ACCESS-2
sys
vlan 2000 to 2020
interface Vlan-interface 2020
ip address 192.168.220.4 24
quit
interface bridge-aggregation 2
port link-type trunk
port trunk permit vlan all
quit
int ethernet 1/0/1
port link-type trunk
port trunk permit vlan all
port link-aggregation group 2
quit
int ethernet 1/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin
password cipher admin
service-type telnet ssh
authorization-attribute user-level 3
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
Port mirroring
mirroring-group 4 local
interface Ten-GigabitEthernet1/0/20
port link-mode bridge
description xhm-monitor-test
mirroring-group 4 mirroring-port both
interface Ten-GigabitEthernet1/0/21
port link-mode bridge
description xhm-monitor-test
port access vlan 2008
mirroring-group 4 monitor-port
Wireless settings (AC engine)
sys
sysname AC
vlan 2010
description ap manage vlan
vlan 2012
description psk and mac vlan
vlan 2016
description portal vlan
vlan 2020
description manage vlan
local-user admin
password cipher admin
authorization-attribute level 3
service-type telnet
service-type web
telnet server enable
port-security enable
portal server portal ip 172.20.65.146 key cipher szpdc12345 url http://172.20.65.146:8080/portal server-type imc
portal free-rule 0 source ip 192.168.210.254 mask 255.255.255.255 destination ip any
portal local-server http
radius scheme xhm-mac
primary authentication 172.20.65.146
primary accounting 172.20.65.146
key authentication cipher 12345678
key accounting cipher 12345678
user-name-format without-domain
nas-ip 192.168.220.1
radius scheme xhm-portal
primary authentication 172.20.65.146
primary accounting 172.20.65.146
key authentication cipher 12345678
key accounting cipher 12345678
domain xhm-mac
authentication lan-access radius-scheme xhm-mac
authorization lan-access radius-scheme xhm-mac
accounting lan-access radius-scheme xhm-mac
access-limit disable
state active
idle-cut enable 60 10240
self-service-url disable
domain xhm-portal
authentication portal radius-scheme xhm-portal
authorization portal radius-scheme xhm-portal
accounting portal radius-scheme xhm-portal
access-limit disable
state active
wlan auto-ap enable
wlan auto-persistent enable
password-recovery enable
wlan service-template 21 crypto
ssid xhm-psk
bind WLAN-ESS 21
cipher-suite ccmp
security-ie rsn
service-template enable
wlan ap-group default_group
ap 0cda-4100-5a60
dhcp server ip-pool xhm-ap-manage
gateway-list 192.168.210.254
network 192.168.210.0 mask 255.255.255.0
dns-list 114.114.114.114
dhcp server ip-pool xhm-psk-mac
gateway-list 192.168.215.254
network 192.168.212.0 mask 255.255.252.0
dns-list 114.114.114.114
expired day 2
dhcp server ip-pool xhm-portal
gateway-list 192.168.219.254
network 192.168.216.0 mask 255.255.252.0
dns-list 114.114.114.114
expired day 2
interface Vlan-interface 2010
ip address 192.168.210.254 255.255.255.0
interface Vlan-interface 2012
ip address 192.168.215.254 255.255.252.0
interface Vlan-interface 2016
ip address 192.168.219.254 255.255.252.0
interface Vlan-interface 2020
ip address 192.168.220.1 255.255.255.0
wlan service-template 21 crypto
ssid xhm-psk
bind WLAN-ESS 21
cipher-suite ccmp
security-ie rsn
service-template enable
wlan service-template 22 clear
ssid xhm-mac
bind WLAN-ESS 22
service-template enable
wlan service-template 23 clear
description xhm-portal
ssid xhm-portal
bind WLAN-ESS 23
service-template enable
interface WLAN-ESS21
description xhm-psk
port access vlan 2012
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher szpdc12345
interface WLAN-ESS22
description xhm-mac
port access vlan 2012
port-security port-mode mac-authentication
mac-authentication domain xhm-mac
interface WLAN-ESS23
description xhm-portal
port access vlan 2016
wlan ap 3891-d5a7-c2c0 model WA2620i-AGN id 1
description xhm-uesing-ap
serial-id 219801A0CNC15C003610
country-code CN
radio 1
channel 165
service-template 21
radio enable
radio 2
max-power 1
service-template 22
service-template 23
radio enable
ip route-static 0.0.0.0 0.0.0.0 192.168.220.254
dhcp server forbidden-ip 192.168.210.254
dhcp server forbidden-ip 192.168.215.254
dhcp enable
local-user admin
password simple admin
service-type telnet
level 3
vlan 2020
description manage vlan
vlan 2010
description ap manage vlan
vlan 2012
description psk and mac vlan
vlan 2016
description portal vlan
interface Vlan-interface2020
description ac-lsw-manage-vlan
ip address 192.168.220.2 255.255.255.0
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
interface GigabitEthernet1/0/4
poe enable
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 2010
description xhm-ac-core
interface GigabitEthernet1/0/11
stp disable
port link-type trunk
port trunk permit vlan all
ip route-static 0.0.0.0 0.0.0.0 192.168.220.254
Wireless settings (switching engine)
vlan 2010
description xhm-ap-manage
vlan 2020
description xhm-manage-vlan
interface Vlan-interface2020
ip address 192.168.220.2 255.255.255.0
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
interface GigabitEthernet1/0/4
poe enable
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 2010
description xhm-ac-ap
interface GigabitEthernet1/0/11
stp disable
port link-type trunk
port trunk permit vlan all
ip route-static 0.0.0.0 0.0.0.0 192.168.220.254 preference 60
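Added example (not part of the original notes): a Python check that scans Comware configuration text for the management-plane and WLAN settings used in the configurations above (Telnet access, "password simple", short or numeric keys, "permit vlan all", "clear" service templates). The sample is constructed from lines on this page and assumes the indented layout of "display current-configuration" output; the rule IDs and the 10-character threshold are this example's own assumptions.

```python
import re

# Constructed sample: stanzas from the notes above, indented the way
# "display current-configuration" prints sub-view commands (assumption).
SAMPLE = """\
local-user admin
 password simple admin
 service-type telnet ssh
telnet server enable
interface bridge-aggregation 1
 port trunk permit vlan all
wlan service-template 22 clear
 ssid xhm-mac
radius scheme xhm-mac
 key authentication cipher 12345678
"""

# (rule id, pattern, finding); the rule ids are this example's own labels.
RULES = [
    ("TELNET-ON", r"^telnet server enable$", "Telnet management is enabled"),
    ("SVC-TELNET", r"^service-type\b.*\btelnet\b", "user may log in over Telnet"),
    ("PW-SIMPLE", r"^password simple\b", "password kept in plaintext"),
    ("TRUNK-ALL", r"^port trunk permit vlan all$", "trunk permits every VLAN"),
    ("WLAN-CLEAR", r"^wlan service-template \d+ clear$", "SSID has no encryption"),
]
SECRET = re.compile(r"^(?:password|key \w+) (?:simple|cipher) (\S+)$")

def audit(config):
    """Return (line_no, rule_id, view, message) findings in line order."""
    findings, view, user = [], "", None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line in ("quit", "#"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new view
            view = line
            m = re.match(r"local-user (\S+)", line)
            user = m.group(1) if m else None
        for rule_id, pattern, message in RULES:
            if re.search(pattern, line):
                findings.append((no, rule_id, view, message))
        m = SECRET.match(line)  # threshold of 10 characters is an assumption
        if m and (m.group(1) == user or len(m.group(1)) < 10 or m.group(1).isdigit()):
            findings.append((no, "WEAK-SECRET", view, "short, numeric or equals user name"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d [%s] in '%s': %s" % finding)
```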