WLAN-WEB Authentication - BAS Configuration.doc

WLAN web authentication: the BAS configuration follows (the parts shown in red are mandatory).

#
 sysname SNYUL-MC-CMNET-BAS03-XSEC-ME60
#
 super password level 3 cipher REN.6A.1SQ=QMAF41!
 super password level 15 cipher JS,51EA,%B,.#C3YB91!
#
 router id 218.200.1.148
#
 user-group wlan
 user-group sxyd
#
diffserv domain default
#
radius-server group snmcc
 radius-server authentication 211.137.133.3 1812 weight 0
 radius-server authentication 211.137.133.4 1812 weight 10
 radius-server accounting 211.137.133.3 1813 weight 0
 radius-server accounting 211.137.133.4 1813 weight 10
 radius-server shared-key 135-139
 radius-server class-as-car
 radius-server source interface LoopBack0
 radius-server attribute translate
 undo radius-server user-name domain-included
#
 bfd
#
 mpls lsr-id 218.200.1.148
 mpls
#
mpls ldp
#
acl number 2000
 description NAT-IN
 rule 5 permit
#
acl number 2100
 rule 5 permit source 10.37.0.0 0.0.7.255
 rule 10 permit source 10.37.8.0 0.0.7.255
 rule 15 deny
#
acl number 3000
 rule 5 deny udp destination-port eq 593
 rule 10 deny udp destination-port eq 1434
 rule 15 deny udp destination-port eq 136
 rule 20 deny udp destination-port eq 135
 rule 25 deny udp destination-port eq 5554
 rule 30 deny udp destination-port eq netbios-ns
 rule 35 deny udp destination-port eq netbios-ssn
 rule 40 deny udp destination-port eq 445
 rule 45 deny tcp destination-port eq 4444
 rule 50 deny tcp destination-port eq 135
 rule 55 deny tcp destination-port eq 9996
 rule 60 deny tcp destination-port eq 137
 rule 65 deny tcp destination-port eq 139
 rule 70 deny tcp destination-port eq 9995
 rule 75 deny tcp destination-port eq 138
 rule 80 deny tcp destination-port eq 5554
 rule 85 deny tcp destination-port eq 445
 rule 90 deny tcp destination-port eq 5800
 rule 95 deny tcp destination-port eq 5900
 rule 100 deny tcp destination-port eq 593
 rule 105 deny tcp destination-port eq 1720
 rule 110 deny tcp destination-port eq 136
 rule 500 permit ip
#
acl number 6000 match-order auto
 rule 5 permit ip source ip-address 211.137.133.5 0 destination user-group wlan
 rule 10 permit ip source ip-address 211.137.130.3 0 destination user-group wlan
 rule 15 permit ip source ip-address 211.137.130.19 0 destination user-group wlan
 rule 30 permit ip source user-group wlan destination ip-address 211.137.130.3 0
 rule 35 permit ip source user-group wlan destination ip-address 211.137.130.19 0
 rule 40 permit ip source user-group wlan destination ip-address 211.137.133.5 0
 rule 55 permit ip source user-group sxyd destination ip-address 211.137.130.3 0
 rule 60 permit ip source user-group sxyd destination ip-address 211.137.130.19 0
#
acl number 6001 match-order auto
 rule 5 permit ip source user-group wlan destination ip-address any
 rule 10 permit ip source user-group sxyd destination ip-address any
#
traffic classifier virus operator or
 if-match acl 3000
traffic classifier ylwlan-deny operator or
 if-match acl 6001
traffic classifier ylwlan-permit operator or
 if-match acl 6000
#
traffic behavior anti
traffic behavior permit
traffic behavior deny
 deny
#
traffic policy ylwlan_traffic
 classifier ylwlan-permit behavior permit
 classifier ylwlan-deny behavior deny
 classifier virus behavior anti
traffic-policy ylwlan_traffic inbound
#
 qos-profile default
#
session-group-profile default
#
isis 100
 graceful-restart
 is-level level-2
 cost-style wide
 timer lsp-generation 1 50 50 level-2
 network-entity 39.752f.0100.0014.0000.1000.0010.2182.0000.1148.00
 is-name SNYUL-MC-CMNET-BAS03-XSEC-ME60
 import-route direct
 import-route static
 timer spf 1 50 50
 log-peer-change
 set-overload on-startup wait-for-bgp
#
interface Aux0/0/1
#
interface Virtual-Template0
#
interface Virtual-Template1
#
interface NULL0
#
interface LoopBack0
 description For Management
 ip address 218.200.1.148 255.255.255.255
 isis enable 100
 isis circuit-level level-2
#
firewall zone zone1
 priority 100
#
firewall zone zone2
 priority 60
#
l2tp-group default-lac
 tunnel name Quidway
#
l2tp-group default-lns
 tunnel name Quidway
#
bgp 64650
 router-id 218.200.1.148
 group RR-L2 internal
 peer RR-L2 description TO-SNYL-PC-CMNET-RT01-NE40E/SNYUL-MB-CMNET-RT02-7750SR7
 peer RR-L2 connect-interface LoopBack0
 peer RR-L2 password cipher )M+08YOA3=;Q=QMAF41!
 peer 218.200.1.13 as-number 64650
 peer 218.200.1.13 group RR-L2
 peer 218.200.1.13 description SNYL-PC-CMNET-RT01-NE40E
 peer 218.200.1.153 as-number 64650
 peer 218.200.1.153 group RR-L2
 peer 218.200.1.153 description SNYUL-MB-CMNET-RT02-7750SR7
 #
 ipv4-family unicast
  undo synchronization
  network 120.192.235.192 255.255.255.224 *(advertises the NAT address pool)*
  maximum load-balancing 6
  peer RR-L2 enable
  peer 218.200.1.13 enable
  peer 218.200.1.13 group RR-L2
  peer 218.200.1.153 enable
  peer 218.200.1.153 group RR-L2
 #
 ipv4-family vpnv4
  policy vpn-target
  peer RR-L2 enable
  peer 218.200.1.13 enable
  peer 218.200.1.13 group RR-L2
  peer 218.200.1.153 enable
  peer 218.200.1.153 group RR-L2
#
ip pool wlan local
 gateway 10.37.0.1 255.255.248.0
 section 0 10.37.0.2 10.37.7.255
 dns-server 211.137.130.3
 dns-server 211.137.130.19 secondary
#
iptn
#
 dpi pts
#
 dpi global-policy
#
 dpi dsu-mac
#
dpi restricted-policy
#
 ancp neighbor-profile default-neighbor
#
dot1x-template 1
#
aaa
 authentication-scheme none
  authentication-mode none
 authentication-scheme wlan
  authentication-mode none
 authentication-scheme radius
 authentication-scheme local
  authentication-mode local
 authentication-scheme snmcc
 accounting-scheme none
  accounting-mode none
 accounting-scheme wlan
  accounting-mode none
 accounting-scheme radius
 accounting-scheme snmcc
 domain default0
 domain default1
 domain default_admin
  authentication-scheme local
 domain onu-and-switch-guanli
  authentication-scheme none
  accounting-scheme none
 domain wlan.sn
  authentication-scheme snmcc
  accounting-scheme snmcc
  service-type hsi
  radius-server group snmcc
  ip-pool wlan
  zone zone1
 domain wlan
  authentication-scheme wlan
  accounting-scheme wlan
  service-type hsi
  web-server 211.137.133.5
  web-server redirect-key user-ip-address wlanuserip
  user-group wlan
  ip-pool wlan
  zone zone1
#
local-aaa-server
 user huawei password cipher $F;-;KQQ%DJL.:OE)Q! authentication-type T level 0
 user huawei01 password cipher /*T%HKU;Q=QMAF41! authentication-type T level 15
#
interface Eth-Trunk1
 description TO-SNYL-PC-CMNET-RT01-NE40E-ETH-Trunk5=4G
 ip address 120.192.235.46 255.255.255.252
 isis enable 100
 isis circuit-level level-2
 isis cost 100 level-2
 mpls
 mpls ldp
 zone zone2
#
interface Eth-Trunk2
 description TO-SNYUL-MB-CMNET-RT02-7750SR7-ETH-Trunk5=4G
 ip address 120.192.235.50 255.255.255.252
 isis enable 100
 isis circuit-level level-2
 isis cost 200 level-2
 mpls
 mpls ldp
 zone zone2
#
interface GigabitEthernet0/0/0
 shutdown
 speed auto
 duplex auto
#
interface GigabitEthernet1/0/0
 description TO-SNYL-PC-CMNET-RT01-NE40E-GE6/1/8=1G
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 description TO-SNYL-PC-CMNET-RT01-NE40E-GE6/1/9=1G
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/2
 description TO-SNYL-PC-CMNET-RT01-NE40E-GE6/1/10=1G
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/3
 description TO-SNYL-PC-CMNET-RT01-NE40E-GE6/1/11=1G
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/4
 undo shutdown
#
interface GigabitEthernet1/0/5
 shutdown
#
interface GigabitEthernet1/0/6
 shutdown
#
interface GigabitEthernet1/0/7
 shutdown
#
interface GigabitEthernet1/0/8
 shutdown
#
interface GigabitEthernet1/0/9
 shutdown
#
interface GigabitEthernet1/0/10
 shutdown
#
interface GigabitEthernet1/0/11
 shutdown
#
interface GigabitEthernet1/0/12
 shutdown
#
interface GigabitEthernet1/0/13
 shutdown
#
interface GigabitEthernet1/0/14
 shutdown
#
interface GigabitEthernet1/0/15
 shutdown
#
interface GigabitEthernet1/0/16
 shutdown
#
interface GigabitEthernet1/0/17
 shutdown
#
interface GigabitEthernet1/0/18
 shutdown
#
interface GigabitEthernet1/0/19
 shutdown
#
interface GigabitEthernet1/0/20
 shutdown
#
interface GigabitEthernet1/0/21
 shutdown
#
interface GigabitEthernet1/0/22
 shutdown
#
interface GigabitEthernet1/0/23
 shutdown
#
interface GigabitEthernet2/0/0
 description TO-SNYUL-MB-CMNET-RT02-7750SR7-GE3/1/0=1G
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/1
 description TO-SNYUL-MB-CMNET-RT02-7750SR7-GE3/1/1=1G
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/2
 description TO-SNYUL-MB-CMNET-RT02-7750SR7-GE3/1/2=1G
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/3
 description TO-SNYUL-MB-CMNET-RT02-7750SR7-GE3/1/3=1G
 undo shutdown
 eth-trunk 2
#
interface GigabitEthernet2/0/4
 shutdown
#
interface GigabitEthernet2/0/5
 shutdown
#
interface GigabitEthernet2/0/6
 shutdown
#
interface GigabitEthernet2/0/7
 shutdown
#
interface GigabitEthernet2/0/8
 shutdown
#
interface GigabitEthernet2/0/9
 shutdown
#
interface GigabitEthernet2/0/10
 shutdown
#
interface GigabitEthernet2/0/11
 shutdown
#
interface GigabitEthernet2/0/12
 description WLAN-AC
 undo shutdown
#
interface GigabitEthernet2/0/12.2
 description Wlan
 user-vlan 201 207
 bas
  access-type layer2-subscriber default-domain pre-authentication wlan authentication wlan.sn
  nas-port-type 802.11
  authentication-method web
#
interface GigabitEthernet2/0/13
 shutd
