Huawei AC Configuration Examples


Huawei WLAN from Basics to Mastery, Part 7: Off-Path + Layer 3 + Tunnel Forwarding Networking

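WLAN configuration example 2 (off-path networking, tunnel or direct forwarding). This design suits small and medium enterprises. The AC is attached beside the Layer 3 switch and is used only to establish CAPWAP tunnels with the APs and push service configuration down to them. In tunnel mode, service traffic is also encapsulated in the CAPWAP tunnel and handed to the AC, which then forwards it. In direct forwarding, the AP switches the traffic locally and does not hand it to the AC, which reduces the load on the AC. Which mode to use depends on the requirements.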

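Objectives
1. Understand off-path networking and the direct and tunnel forwarding modes
2. How to statically associate an AP with the AC (a supplement; earlier parts used dynamic discovery or option 43)
3. Layer 3 switch configuration
4. AC configuration
5. Allow guests to access only specific traffic, using an ACL pushed down to the AP

Topology
The specific VLAN information and IP subnets are all included in the topology. This lab mainly demonstrates Layer 3 off-path networking with tunnel or direct forwarding, including how to configure an ACL on the AC and push it down to the AP to restrict client traffic.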

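1. Understanding off-path networking and the direct and tunnel forwarding modes
In tunnel mode, service traffic is also encapsulated in the CAPWAP tunnel and handed to the AC, which then forwards it. In direct forwarding, the AP switches the traffic locally and does not hand it to the AC, which reduces the load on the AC; it can also be combined with a Huawei feature so that the APs keep forwarding client traffic after the AC fails.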

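2. How to statically associate an AP with the AC (a supplement; earlier parts used dynamic discovery or option 43)
On the AP, set the mode to static, configure the AP's own IP address and gateway, then specify the address of the AC and reboot the device.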

3. Layer 3 switch configuration

    dhcp enable
    #
    interface Vlanif100
     ip address 10.1.100.1 255.255.255.0
     dhcp select interface
     dhcp server option 43 sub-option 3 ascii 10.1.201.100
    #
    interface Vlanif101
     ip address 10.1.101.1 255.255.255.0
     dhcp select interface
     dhcp server dns-list 8.8.8.8
    #
    interface Vlanif102
     ip address 10.1.102.1 255.255.255.0
     dhcp select interface
     dhcp server dns-list 8.8.8.8
    #
    interface Vlanif200
     ip address 10.1.200.2 255.255.255.0
    #
    interface Vlanif800
     ip address 10.1.201.1 255.255.255.0
    #
    interface MEth0/0/1
    #
    interface GigabitEthernet0/0/1
     port link-type access
     port default vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type access
     port default vlan 100
    #
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 200
    #
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 100 to 102 200 800

Option 43 is configured on Vlanif100 to specify the address of the AC.

Note: this demonstration uses tunnel forwarding, so the switch ports that connect to the APs are all access ports. With direct forwarding they must be hybrid or trunk ports, and the PVID must equal the VLAN of the AC's source address, that is, the VLAN in which the CAPWAP tunnel with the AP is established (the management VLAN). The service VLANs must also be allowed on the port; otherwise PCs cannot associate and cannot obtain an address through DHCP.
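The rule in the note above (the AP-facing port's PVID equals the management VLAN, and the service VLANs are allowed on that port only for direct forwarding) can be checked mechanically. The following is an added example, not part of the original tutorial: it parses Huawei-style interface blocks and reports deviations. The sample config, the function names and the extra "allowed but not needed" check are assumptions made for illustration.

```python
# Added example, not from the original page. SAMPLE_CONFIG is constructed:
# GE0/0/1 follows the direct-forwarding access switch, GE0/0/2 the tutorial's
# access port, and GE0/0/3 is a deliberately misconfigured port.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
 port-isolate enable group 1
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100
#
return
"""


def expand_vlans(tokens):
    """Expand a VLAN list such as ['100', 'to', '102', '200'] into a set."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        first = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(first, int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(first)
            i += 1
    return vlans


def parse_interfaces(config):
    """Return {interface name: {'link_type', 'pvid', 'allowed'}}."""
    ports, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface" and len(words) > 1:
            current = ports.setdefault(
                words[1], {"link_type": None, "pvid": 1, "allowed": set()})
        elif words[0] in ("#", "return"):
            current = None  # end of the current interface block
        elif current is None or words[0] != "port" or len(words) < 3:
            continue
        elif words[1] == "link-type":
            current["link_type"] = words[2]
        elif words[1:3] == ["default", "vlan"] and len(words) > 3:
            current["pvid"] = int(words[3])  # access port: untagged VLAN
            current["allowed"].add(int(words[3]))
        elif words[1] in ("trunk", "hybrid") and len(words) > 4:
            if words[2:4] == ["pvid", "vlan"]:
                current["pvid"] = int(words[4])
            elif words[2] in ("allow-pass", "tagged", "untagged"):
                current["allowed"] |= expand_vlans(words[4:])
    return ports


def audit_ap_port(port, mode, mgmt_vlan, service_vlans):
    """List deviations of one AP-facing port; mode is 'direct' or 'tunnel'."""
    findings = []
    if mode == "direct" and port["link_type"] not in ("trunk", "hybrid"):
        findings.append("direct forwarding needs a trunk or hybrid port")
    if port["pvid"] != mgmt_vlan:
        findings.append(
            f"PVID {port['pvid']} is not the management VLAN {mgmt_vlan}")
    if mgmt_vlan not in port["allowed"]:
        findings.append(f"management VLAN {mgmt_vlan} is not allowed")
    # Service VLANs reach the AP-facing port only when the AP switches locally.
    needed = {mgmt_vlan} | (set(service_vlans) if mode == "direct" else set())
    missing = needed - port["allowed"] - {mgmt_vlan}
    if missing:
        findings.append(f"service VLANs not allowed: {sorted(missing)}")
    extra = port["allowed"] - needed
    if extra:  # added least-privilege check, not a rule stated on the page
        findings.append(f"{len(extra)} VLAN(s) allowed but not needed, "
                        f"e.g. {sorted(extra)[:5]}")
    return findings


def audit_config(config, ap_ports, mode, mgmt_vlan, service_vlans):
    """Audit the named AP-facing ports and return {port: findings}."""
    ports = parse_interfaces(config)
    return {name: audit_ap_port(ports[name], mode, mgmt_vlan, service_vlans)
            if name in ports else ["interface not found in config"]
            for name in ap_ports}


if __name__ == "__main__":
    names = ["GigabitEthernet0/0/1", "GigabitEthernet0/0/3"]
    for name, found in audit_config(SAMPLE_CONFIG, names, "direct", 100, [101]).items():
        print(name, found or "OK")
```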

Huawei AC6005 Configuration Examples

Huawei wireless controller AC6005 configuration (direct forwarding)

Switch configuration file

    #
    sysname Switch
    #
    vlan batch 100 to 101
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
     port-isolate enable group 1
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return

Router configuration file

    #
    sysname Router
    #
    vlan batch 101
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     rrm-profile name default
      calibrate auto-channel-select disable
      calibrate auto-txpower-select disable
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
      radio 1
       channel 20mhz 149
       eirp 127
    #
    return

Huawei wireless controller AC6005 configuration (tunnel forwarding)

Switch configuration file

    #
    sysname Switch
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
     port-isolate enable group 1
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    return

Router configuration file

    #
    sysname Router
    #
    vlan batch 101
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      forward-mode tunnel
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     rrm-profile name default
      calibrate auto-channel-select disable
      calibrate auto-txpower-select disable
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
      radio 1
       channel 20mhz 149
       eirp 127
    #
    return

Configuring off-path Layer 2 networking with direct forwarding

SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100 to 101
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
     port-isolate enable group 1
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return

SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
     dhcp server gateway-list 10.23.101.2
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

Router configuration file

    #
    sysname Router
    #
    vlan batch 101
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     rrm-profile name default
      calibrate auto-channel-select disable
      calibrate auto-txpower-select disable
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
      radio 1
       channel 20mhz 149
       eirp 127
    #
    return

Configuring off-path Layer 2 networking with tunnel forwarding

SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
     port-isolate enable group 1
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    return

SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
     dhcp server gateway-list 10.23.101.2
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

Router configuration file

    #
    sysname Router
    #
    vlan batch 101
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    return

AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    capwap source interface vlanif100
    #
    wlan
     calibrate enable schedule time 03:00:00
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      forward-mode tunnel
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
      dca-channel 5g channel-set 149,153,157,161
     air-scan-profile name wlan-airscan
      scan-channel-set dca-channel
     rrm-profile name wlan-rrm
     radio-2g-profile name wlan-radio2g
      rrm-profile wlan-rrm
      air-scan-profile wlan-airscan
     radio-5g-profile name wlan-radio5g
      rrm-profile wlan-rrm
      air-scan-profile wlan-airscan
     ap-group name ap-group1
      radio 0
       radio-2g-profile wlan-radio2g
       vap-profile wlan-net wlan 1
      radio 1
       radio-5g-profile wlan-radio5g
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return

ACL Configuration: Advanced ACL Configuration Example (Huawei)

// Deny PC1's subnet access to PC2

Advanced ACL configuration: applying an advanced ACL on an interface of R1

Requirement: configure an advanced ACL so that PC1's subnet cannot access PC2, and so that PC1's subnet can access the Server's WWW service but cannot access its FTP service.

Topology (from the diagram): R1 G0/0/0 and R2 G0/0/0 are connected and run OSPF (12.1.1.1/24, 12.1.1.2/24). Other interface labels: G0/0/1 10.10.1.254/24, G0/0/1 10.10.2.254/24, G0/0/2 10.10.3.254/24. Hosts: PC1 10.10.1.1/24, PC2 10.10.2.1/24, Server 10.10.3.1/24.

    [R2]acl 3000    // define advanced ACL 3000
    [R2-acl-adv-3000]rule 5 permit tcp source 10.10.1.0 0.0.0.255 destination 10.10.3.1 0 destination-port eq www    // allow PC1's subnet to access the Server's WWW service
    [R2-acl-adv-3000]rule 10 deny tcp source 10.10.1.0 0.0.0.255
    [R1]interface G0/0/1
    [R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000    // apply the ACL in the inbound direction of the interface

Huawei AC Off-Path Configuration Commands

wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 0006-f4c6-0b40
ap-name ap0
ap-group ap
y
ap-id 1 ap-mac 0006-f4c6-0da0
ap-name ap1
ap-group ap
y
ap-id 2 ap-mac 0006-f4c6-0d00
ap-name ap5
ap-group ap
y
quit
display ap all
security-profile name wlan-security
security wpa2 psk pass-phrase 88888888 aes
y
quit
ssid-profile name ssid-5G
dhcp select global
quit
wlan
regulatory-domain-profile name abc
country-code cn
quit
ap-group name ap
regulatory-domain-profile abc
y
quit
quit
capwap source interface vlanif 200
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/5
port link-
port trunk allow-pass vlan 100 to 101


Huawei Policy-Based Routing Configuration Example

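1. Networking requirements

Figure 1: Policy-based routing networking diagram

As shown in Figure 1, the company's users are dual-homed to external network devices through the Switch.

One link is a low-speed link with gateway 10.1.20.1/24; the other is a high-speed link with gateway 10.1.30.1/24.

The company wants packets sent to the external network with IP precedence 4, 5, 6 or 7 to travel over the high-speed link, and packets with IP precedence 0, 1, 2 or 3 to travel over the low-speed link.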

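2. Configuration approach

1. Create the VLANs and configure the interfaces so that the company and the external network devices are connected.

2. Configure ACL rules that match IP precedence 4, 5, 6, 7 and IP precedence 0, 1, 2, 3 respectively.

3. Configure traffic classifiers that use the ACL rules above as match rules, so that the device can distinguish the packets.

4. Configure traffic behaviors so that packets matching the different rules are redirected to 10.1.20.1/24 and 10.1.30.1/24 respectively.

5. Configure a traffic policy that binds the traffic classifiers and traffic behaviors above, and apply it in the inbound direction of interface GE2/0/1 to implement policy-based routing.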

3. Procedure

3.1 Create the VLANs and configure the interfaces

# Create VLAN 100 and VLAN 200 on the Switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 100 200

# Configure interfaces GE1/0/1, GE1/0/2 and GE2/0/1 on the Switch as trunk interfaces and add them to VLAN 100 and VLAN 200.

    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type trunk
    [Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type trunk
    [Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet1/0/2] quit
    [Switch] interface gigabitethernet 2/0/1
    [Switch-GigabitEthernet2/0/1] port link-type trunk
    [Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 200
    [Switch-GigabitEthernet2/0/1] quit

Configure the interface on the LSW that connects to the Switch as a trunk interface and add it to VLAN 100 and VLAN 200.

Huawei Wireless: Off-Path Layer 2 Networking with Direct Forwarding of Data Traffic

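Lab 1: Off-path Layer 2 networking with direct forwarding of data traffic

I. Lab requirement: mandatory
II. Lab type: verification
III. Lab hours: 2
IV. Lab location and environment: H3C lab; fit AP, AC, Layer 2 switch
V. Lab objectives:
1. The AP is authenticated on the AC by automatic authentication
2. Create two SSIDs: huawei-1 (unencrypted) on channel 6 and huawei-2 (encrypted, password 123456789) on channel 11
3. Enable isolation of end users
VI. Lab content
1. The network topology is as follows:

[Figure: FIT AP registering with the AC over a Layer 2 network]

In this lab the management VLAN is 100 and is used for communication between the AP and the AC. The service VLANs are 101 and 102; a service VLAN is the VLAN used by the connecting terminals.

An SSID can in practice be understood as a wlan-ess interface that is associated with one service VLAN.

One AP can broadcast multiple SSIDs.

1. Configure the access switch

    vlan batch 100 to 102
    # VLAN 100 is the management VLAN, used for communication between the AP and the AC
    # VLAN 101 and VLAN 102 are service VLANs, used for mobile terminals' traffic
    interface Ethernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100

The AP and the AC communicate over VLAN 100, but frames sent by the AP itself are untagged, so the access switch has to tag the AP's own frames with VLAN 100 before the AP and the AC can establish communication.

The frames this port of the access switch receives include not only the AP's own frames but also the data that terminals send to the wlan-ess interface. The wlan-ess interface tags the data it receives with the service VLAN, and the AP then forwards it.

Because this interface of the access switch receives data from different VLANs, its type has to be configured as trunk.

     port trunk allow-pass vlan 100 to 102

On a Huawei switch, a trunk interface needs the VLANs that are allowed through to be specified; if none are specified, no VLANs are allowed through.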
