
Huawei AC - for wireless network engineers


<AC6605>system-view
[AC6605] user-interface console 0
[AC6605-ui-console0] user privilege level 15
Set the authentication mode of the console user interface to password authentication
[AC6605-ui-console0] authentication-mode password
[AC6605-ui-console0] set authentication password cipher
Info: A plain text password is a string of 8 to 128 case-sensitive
characters and must be a combination of at least two of the following:
uppercase letters A to Z, lowercase letters a to z, digits, and
special characters (including spaces and the following :`~!@#$%^&*()-_=+|[{}];:'",<.>/?).
A cipher text password contains 56 or 68 characters.
Current Password: int
New Password:
Confirm New Password:
[AC6605-ui-console0] quit

[AC6605]quit
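<AC6605> clock timezone BJ add 12:00:00
<AC6605> clock datetime 12:10:0 2017-07-26
# Set the device name and management IP address. This example adds interface GE0/0/1 to VLAN 1 and uses VLANIF 1 as the device's management interface; VLAN 10 is used here.
Note:
The AC6605 can use the MEth interface directly as the device's management interface.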
<AC6605> system-view
[AC6605] sysname AC
[AC] vlan 10
[AC-vlan10] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk

[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC-GigabitEthernet0/0/1] port trunk pvid vlan 10
[AC-GigabitEthernet0/0/1] quit
[AC] interface vlanif 10
[AC-Vlanif10] ip address 192.168.0.1 255.255.255.0
[AC-Vlanif10] quit
# Set the level and authentication mode for Telnet users
[AC] telnet server enable
[AC] user-interface vty 0 4
[AC-ui-vty0-4] user privilege level 15
[AC-ui-vty0-4] authentication-mode aaa
[AC-ui-vty0-4] quit
[AC] aaa
[AC-aaa] local-user huawei password irreversible-cipher admin@huawei
[AC-aaa] local-user huawei privilege level 15
[AC-aaa] local-user huawei service-type telnet
[AC-aaa] quit

[AC] acl 2000
[AC-acl-basic-2000] rule deny source 10.1.1.1 0
[AC-acl-basic-2000] rule permit source any
[AC-acl-basic-2000] quit
[AC] user-interface vty 0 7
[AC-ui-vty0-7] acl 2000 inbound
Configure the terminal attributes of the VTY user interface

[AC-ui-vty0-7] shell
[AC-ui-vty0-7] idle-timeout 30
[AC-ui-vty0-7] screen-length 30
[AC-ui-vty0-7] history-command max-size 20
Configure the user privilege level of the VTY user interface

[AC-ui-vty0-7] user privilege level 2
Set the authentication mode of the VTY user interface to password authentication

[AC-ui-vty0-7] authentication-mode password
[AC-ui-vty0-7] set authentication password cipher
Info: A plain text password is a string of 8 to 128 case-sensitive
characters and must be a combination of at least two of the following:
uppercase letters A to Z, lowercase letters a to z, digits, and
special characters (including spaces and the following :`~!@#$%^&*()-_=+|[{}];:'",<.>/?).
A cipher text password contains 56 or 68 characters.
Current Password:
New Password:
Confirm New Password:
[AC-ui-vty0-7] quit
Configure auto-negotiation
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] negotiation auto
[AC-GigabitEthernet0/0/1] quit
# Configure auto-negotiation on GE0/0/2.

[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] negotiation auto
[AC-GigabitEthernet0/0/2] quit
# Configure auto-negotiation on GE0/0/3.

[AC] interface gigabitethernet 0/0/3
[AC-GigabitEthernet0/0/3] negotiation auto
[AC-GigabitEthernet0/0/3] quit
Configure the auto-negotiation rate

Set the auto-negotiation rate of GE0/0/1 to 10 Mbit/s.

[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] auto speed 10
[AC-GigabitEthernet0/0/1] quit
# Set the auto-negotiation rate of GE0/0/2 to 10 Mbit/s.

[AC] interface gigabitethernet 0/0/2
[AC-GigabitEthernet0/0/2] auto speed 10
[AC-GigabitEthernet0/0/2] quit
# Set the auto-negotiation rate of GE0/0/3 to 10 Mbit/s.

[AC] interface gigabitethernet 0/0/3
[AC-GigabitEthernet0/0/3] auto speed 10
[AC-GigabitEthernet0/0/3] quit
Configure port isolation: use this feature when individual interfaces need to be isolated
[AC] interface gigabitethernet 0/0/4
[AC-GigabitEthernet0/0/4] port-isolate enable
[AC-GigabitEthernet0/0/4] quit
[AC] interface gigabitethernet 0/0/5
[AC-GigabitEthernet0/0/5] port-isolate enable
[AC-GigabitEthernet0/0/5] quit
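Note: keep the negotiation mode the same on both ends of the link: either both work in auto-negotiation mode or both work in non-auto-negotiation mode. In the display interface output, "ENABLE" means the interface is working in auto-negotiation mode; "DISABLE" means the interface is working in non-auto-negotiation mode.
Create an AP group. On the 6005 the default AP group is named default; use dis ap all to view it.
By default, every AP group already references the profiles named default: the AP system profile, 2G radio profile, 5G radio profile, regulatory domain profile, WIDS profile and AP wired port profile.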
[AC]ip pool toy
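Info: It's successful to create an IP address pool.
Note: if a standalone DHCP server assigns IP addresses to the APs, the Option 43 field must be configured; otherwise the APs cannot discover the AC and in the end cannot come online on the AC. For the exact configuration method, see the configuration manual of the corresponding device.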
[AC]ip pool toy
[AC-ip-pool-toy]gateway-list 192.168.0.1
[AC-ip-pool-toy]network 192.168.0.1 mask 24
[AC-ip-pool-toy]dns-list 192.168.0.20
[AC-ip-pool-toy]domain-name huawei
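The port of the network device that connects directly to an AP must have its PVID set to the management VLAN.
The configuration is done; let's take a look at it:
View the current configuration: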
[toys]dis current-configuration
#
sysname toys
#
snmp-agent local-engineid 800007DB03000000000000
undo snmp-agent community complexity-check disable
snmp-agent
#
http timeout 3
#
vlan batch 100 102
#
wlan ac-global carrier id other ac id 1
#
dhcp enable
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@bo]Dnyrm1\x`qC3g=d;3Uw}%@%@
local-user admin service-type http
local-user huawei password cipher %@%@>eN0<<tjh:VqKG1uK,05,Um%@%@
local-user huawei service-type telnet
#
interface Vlanif100
ip address 192.168.10.10 255.255.255.0
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 102
port trunk allow-pass vlan 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 102
port trunk allow-pass vlan 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface Wlan-Ess0
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
interface NULL0
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@Ox-rTh0|e>--yD91Sk8G,.7}[$sY6{w>W,O+1aXgj]8Q.7#,%@%@
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
wlan
wlan ac source interface vlanif102
ap-region id 102
ap id 1 type-id 19 mac 00e0-fc22-050b
region-id 102
ap id 2 type-id 19 mac 00e0-fc63-32d0 sn 210235448310A724CC6D
region-id 102
wmm-profile name huawei-ap1 id 0
wmm-profile name huawei-ap10 id 1
traffic-profile name huawei-ap id 0
security-profile name huawei-ap id 0
security-profile name uawei-ap id 1
security-policy wpa2
wpa2 authentication-method psk pass-phrase cipher %@%@[nu~=$1yE&5bV_T{CV)#+~[S%@%@ encryption-method ccmp
service-set name huawei-10 id 0
service-set name huawei-1 id 1
forward-mode tunnel
wlan-ess 0
ssid toy
traffic-profile id 0
security-profile id 0
radio-profile name huawei-ap10 id 0
ap 1 radio 0
work-mode monitor
device detect enable
countermeasures enable
countermeasures mode rogue ap spoof-ssid

ssid-whitelist ssid toy
#
return
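
An added example, not part of the original post and not Huawei tooling: a small Python check that scans a configuration dump in the format shown above and flags the remote-management settings a reviewer would question (Telnet enabled, reversible `password cipher` local-user secrets, VTY lines at privilege level 15, password-only VTY authentication, VTY lines without an inbound ACL). The rule names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the flattened shape of the `dis current-configuration`
# dump above; user names and secrets are placeholders, not values from the page.
SAMPLE_CONFIG = """\
telnet server enable
#
aaa
local-user admin password cipher %@%@PLACEHOLDER%@%@
local-user ops password irreversible-cipher PLACEHOLDER
local-user ops service-type telnet
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
user privilege level 15
user-interface vty 5 7
authentication-mode password
"""

# (rule id, regex, view prefix the rule is limited to; "" means any view)
RULES = [
    ("telnet-enabled", r"^telnet server enable$", ""),
    ("telnet-user", r"^local-user \S+ service-type\b.*\btelnet\b", "aaa"),
    ("reversible-password", r"^local-user \S+ password cipher ", "aaa"),
    ("vty-level-15", r"^user privilege level 15$", "user-interface vty"),
    ("vty-shared-password", r"^authentication-mode password$", "user-interface vty"),
]

def audit(config_text):
    """Return sorted (rule, view) findings for a VRP-style config dump."""
    findings, view, vty_acl = set(), "global", {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "#":                      # '#' closes the current view
            view = "global"
        elif line == "aaa" or line.startswith(("user-interface ", "interface ")):
            view = line                      # entering a new view
            if line.startswith("user-interface vty"):
                vty_acl[view] = False        # no inbound ACL seen yet
        elif view in vty_acl and re.match(r"acl \d+ inbound$", line):
            vty_acl[view] = True
        else:
            for rule, pattern, scope in RULES:
                if view.startswith(scope) and re.search(pattern, line):
                    findings.add((rule, view))
    findings |= {("vty-no-acl", v) for v, ok in vty_acl.items() if not ok}
    return sorted(findings)
```

Calling `audit()` on the text of a saved configuration returns a list of `(rule, view)` pairs; an empty list means none of these five checks fired.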
