xhm-test

 

URL

iMC

https：//172.20.65.146:8080/imc

深信服AC

https://172.20.154.1

深信服防火墙

https://172.20.154.6

设备名称	管理地址	账号	密码
SZPDC-CORE	172.20.154.13
SZPDC-core1	192.168.220.254	aaa	123456
AC	192.168.220.1	admin	admin
AC	192.168.220.2	admin	admin
ACCESS-1	192.168.220.3	admin	admin
ACCESS-2	192.168.220.4	admin	admin

IRF堆叠

SZPDC-CORE-1

system-view 
irf member 1 pri 20
interface range ten-gigabitethernet 1/0/47 to ten-gigabitethernet 1/0/48
shutdown
quit
irf-port 1/2
port group interface ten-gigabitethernet 1/0/48
quit
interface range Ten-gigabitethernet 1/0/47 to Ten-gigabitethernet 1/0/48
undo shutdown
quit
interface bridge-aggregation 3
quit
interface bridge-aggregation 1
link-aggregation mode dynamic
port link-type trunk 
port trunk permit vlan all
quit
interface bridge-aggregation 2
link-aggregation mode dynamic
port link-type trunk 
port trunk permit vlan all
quit
interface ten-gigabitethernet 1/0/1
port link-aggregation group 1
port link-type trunk 
port trunk permit vlan all
quit
interface ten-gigabitethernet 1/0/2
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin
password simple admin
service-type telnet ssh
authorization-attribute user-role network-admin
undo authorization-attribute user-role network-operator
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
save f
sys
irf-port-configuration active

SZPDC-CORE-2

system-view 
irf member 2 pri 10
interface range ten-gigabitethernet 2/0/47 to ten-gigabitethernet 2/0/48
shutdown
quit
irf-port 2/1
port group interface ten-gigabitethernet 2/0/48
quit
interface range Ten-gigabitethernet 2/0/47 to Ten-gigabitethernet 2/0/48
undo shutdown
quit
interface bridge-aggregation 3
quit
interface bridge-aggregation 1
link-aggregation mode dynamic
port link-type trunk 
port trunk permit vlan all
quit
interface bridge-aggregation 2
link-aggregation mode dynamic
port link-type trunk 
port trunk permit vlan all
quit
interface ten-gigabitethernet 2/0/1
port link-aggregation group 1
port link-type trunk 
port trunk permit vlan all
quit
interface ten-gigabitethernet 2/0/2
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin 
password simple admin
service-type telnet ssh
authorization-attribute user-role network-admin
undo authorization-attribute user-role network-operator
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable
save f
sys
irf-port-configuration active

DHCP

SZPDC-CORE

vlan 2003
description xhm-bfd
vlan 2006
description xhm-access-1
vlan 2008
description xhm-access-2
vlan 2010
description xhm-ap-manage
vlan 2012
description xhm-psk-mac-test
vlan 2016
description xhm-portal-test
vlan 2020
description xhm-manage-vlan

dhcp server ip-pool xhm-2006
gateway-list 192.168.207.254
network 192.168.206.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2
dhcp server ip-pool xhm-2008
gateway-list 192.168.209.254
network 192.168.208.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2

interface Vlan-interface 2006
ip address 192.168.207.254 255.255.254.0
dhcp server apply ip-pool access-1

interface Vlan-interface 2008
ip address 192.168.209.254 255.255.254.0
dhcp server apply ip-pool access-2

interface Vlan-interface 2012
ip address 192.168.215.254 255.255.252.0
dhcp server apply ip-pool ap-psk-mac

interface Vlan-interface 2016
ip address 192.168.219.254 255.255.252.0
dhcp server apply ip-pool ap-portal

int vlan 2020
ip address 192.168.220.254 255.255.255.0

ACCESS-1

Sys
Vlan 2000 to 2020
Int vlanif 2020
Ip address 192.168.220.3 24
Quit
interface bridge-aggregation 1
port link-type trunk 
port trunk permit vlan all
quit
int ethernet 1/0/1 
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 1
quit
int ethernet 1/0/2
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 1
quit
local-user admin
password cipher admin
service-type telnet ssh
authorization-attribute user-level 3
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable

ACCESS-2

Sys
Vlan 2000 to 2020
Int vlanif 2020
Ip address 192.168.220.4 24
Quit
interface bridge-aggregation 2
port link-type trunk 
port trunk permit vlan all
quit
int ethernet 1/0/1
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 2
quit
int ethernet 1/0/2
port link-type trunk 
port trunk permit vlan all
port link-aggregation group 2
quit
local-user admin
password cipher admin
service-type telnet ssh
authorization-attribute user-level 3
quit
user-interface vty 0 15
authentication-mode scheme
quit
telnet server enable

端口镜像

mirroring-group group 4 local

interface Ten-GigabitEthernet1/0/20
port link-mode bridge
description xhm-monitor-test
mirroring-group 4 mirroring-port both

interface Ten-GigabitEthernet1/0/21
port link-mode bridge
description xhm-monitor-test
port access vlan 2008
mirroring-group 4 monitor-port

无线设置（AC引擎）

Sys
Sysname AC

Vlan 2010
Description ap manage vlan
Vlan 2012
Description psk and mac vlan
Vlan 2016
Description portal vlan
Vlan 2020
Description manage vlan

local-user admin
password cipher admin
authorization-attribute level 3
service-type telnet
service-type web

telnet server enable

port-security enable
portal server portal ip 172.20.65.146 key cipher szpdc12345 url http://172.20.65.146:8080/portal server-type imc
portal free-rule 0 source ip 192.168.210.254 mask 255.255.255.255 destination ip any
portal local-server http

radius scheme xhm-mac
primary authentication 172.20.65.146
primary accounting 172.20.65.146
key authentication cipher 12345678
key accounting cipher 12345678
user-name-format without-domain
nas-ip 192.168.220.1
radius scheme xhm-portal
primary authentication 172.20.65.146
primary accounting 172.20.65.146
key authentication cipher 12345678
key accounting cipher 12345678

domain xhm-mac
authentication lan-access radius-scheme xhm-mac
authorization lan-access radius-scheme xhm-mac
accounting lan-access radius-scheme xhm-mac
access-limit disable
state active
idle-cut enable 60 10240
self-service-url disable
domain xhm-portal
authentication portal radius-scheme xhm-portal
authorization portal radius-scheme xhm-portal
accounting portal radius-scheme xhm-portal
access-limit disable
state active
 
wlan auto-ap enable
wlan auto-persistent enable
password-recovery enable

wlan service-template 21 crypto
ssid xhm-psk
bind WLAN-ESS 21
cipher-suite cnmp
security-ie rsn
service-template enable

wlan ap-group default_group
ap 0cda-4100-5a60

dhcp server ip-pool xhm-ap-manage
gateway-list 192.168.210.254
network 192.168.210.0 mask 255.255.255.0
dns-list 114.114.114.114

dhcp server ip-pool xhm-psk-mac
gateway-list 192.168.215.254
network 192.168.212.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2

dhcp server ip-pool xhm--portal
gateway-list 192.168.219.254
network 192.168.216.0 mask 255.255.254.0
dns-list 114.114.114.114
expired day 2

interface Vlan-interface 2010
ip address 192.168.210.254 255.255.255.0

interface Vlan-interface 2010
ip address 192.168.210.254 255.255.255.0
interface Vlan-interface 2012
ip address 192.168.215.254 255.255.252.0
interface Vlan-interface 2016
ip address 192.168.219.254 255.255.252.0
interface Vlan-interface 2020
ip address 192.168.220.1 255.255.255.0

wlan service-template 21 crypto
ssid xhm-psk
bind WLAN-ESS 21
cipher-suite ccmp
security-ie rsn
service-template enable

wlan service-template 22 clear
ssid xhm-mac
bind WLAN-ESS 22
service-template enable

wlan service-template 23 clear
description xhm-portal
ssid xhm-portal
bind WLAN-ESS 23
service-template enable

interface WLAN-ESS21
description xhm-psk
port access vlan 2012
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher szpdc12345

interface WLAN-ESS22
description xhm-mac
port access vlan 2012
port-security port-mode mac-authentication
mac-authentication domain xhm-mac

interface WLAN-ESS23
description xhm-portal
port access vlan 2016

wlan ap 3891-d5a7-c2c0 model WA2620i-AGN id 1
description xhm-uesing-ap
serial-id 219801A0CNC15C003610
country-code CN
radio 1
channel 165
service-template 21
radio enable
radio 2
max-power 1 
service-template 22
service-template 23
radio enable

ip route-static 0.0.0.0 0.0.0.0 192.168.220.254

dhcp server forbidden-ip 192.168.210.254
dhcp server forbidden-ip 192.168.215.254   
         
dhcp enable

local-user admin
password simple admin
service-type telnet
level 3

Vlan 2020
Description manage vlan
Vlan 2010
Description ap manage vlan
Vlan 2012
Description psk and mac vlan
Vlan 2016
Description portal vlan

interface Vlan-interface2020
Description ac-lsw-manage-vlan
ip address 192.168.220.2 255.255.255.0

interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all

interface GigabitEthernet1/0/4
poe enable
port link-type trunk
port trunk permit vlan all
port trunk pvid vlan 2010
description xhm-ac-core

interface GigabitEthernet1/0/11
stp disable
port link-type trunk
port trunk permit vlan all

ip route-static 0.0.0.0 0.0.0.0 192.168.220.254

无线设置（交换引擎）

vlan 2010
description xhm-ap-manage

vlan 2020
description xhm-manage-vlan

interface Vlan-interface2020
ip address 192.168.220.2 255.255.255.0

interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all

interface GigabitEthernet1/0/4
poe enable
port link-type trunk                     
port trunk permit vlan all
port trunk pvid vlan 2010
description xhm-ac-ap

interface GigabitEthernet1/0/11
stp disable
port link-type trunk
port trunk permit vlan all

ip route-static 0.0.0.0 0.0.0.0 192.168.220.254 preference 60