华为AC配置实例
华为AC配置实例
华为无线控制器AC6005 配置(直接转发)∙∙∙Switch的配置文件∙#∙sysname Switch∙#∙vlan batch 100 to 101∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100 to 101∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip∙ dhcp select interface∙#∙interface Vlanif101∙ ip∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return华为无线控制器AC6005 配置(隧道转发)∙Switch的配置文件∙#∙sysname Switch∙#∙vlan batch 100∙#∙interface GigabitEthernet0/0/1 ∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100 ∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2 ∙ port link-type trunk∙ port trunk allow-pass vlan 100 ∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip∙#∙interface GigabitEthernet1/0/0 ∙ port link-type trunk∙ port trunk allow-pass vlan 101 ∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip∙ dhcp select interface∙#∙interface Vlanif101∙ ip∙ dhcp select interface∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes ∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ forward-mode tunnel∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return配置旁挂二层组网直接转发∙SwitchA的配置文件∙#∙sysname SwitchA∙vlan batch 100 to 101∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100 to 101 ∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101 ∙#return∙SwitchB的配置文件∙#∙sysname SwitchB∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif101∙ ip∙ dhcp select interface∙ dhcp∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101 ∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/3∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes ∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return配置旁挂二层组网隧道转∙SwitchA的配置文件∙#∙sysname SwitchA∙#∙vlan batch 100∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#return∙SwitchB的配置文件∙#∙sysname SwitchB∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif101∙ ip∙ dhcp select interface∙ dhcp∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙interface GigabitEthernet0/0/3∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙capwap source interface vlanif100∙#∙wlan∙ calibrate enable schedule time 03:00:00∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes ∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ forward-mode tunnel∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ dca-channel 5g channel-set 149,153,157,161∙ air-scan-profile name wlan-airscan∙ scan-channel-set dca-channel∙ rrm-profile name wlan-rrm∙ radio-2g-profile name wlan-radio2g∙ rrm-profile wlan-rrm∙ air-scan-profile wlan-airscan∙ radio-5g-profile name wlan-radio5g∙ rrm-profile wlan-rrm∙ air-scan-profile wlan-airscan∙ ap-group name ap-group1∙ radio 0∙ radio-2g-profile wlan-radio2g∙ vap-profile wlan-net wlan 1∙ radio 1∙ radio-5g-profile wlan-radio5g∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn ∙ ap-name area_1∙ ap-group ap-group1∙#return。
由浅入深玩转华为WLAN----7 旁挂+三层+隧道转发方式组网
WLAN配置示例2(旁挂组网隧道or直接转发),这种方式比较适合中小型企业,AC旁挂在三层交换机旁边,只是用于来与AP建立CAPWAP隧道,下发业务给AP,如果在隧道方式下的话,那么业务流量也会由CAPWAP隧道进行封装交给AC处理,再由AC来转发,而直接转发的话,则由AP本地交换了,不需要交给AC,这样可以减轻AC的负担,具体使用可以根据需求来决定。
掌握目标1、理解旁挂组网与直接or隧道转发的方式2、AP静态关联AC的方法【补充,之前都是以动态或者option43方式】3、三层交换机配置4、AC的配置5、只允许访客访问特定的流量,通过ACL下放拓扑具体的VLAN信息与IP网段都包括,该实验主要是演示三层组网旁挂+隧道或者直接转发方式的组网情况,并且包括怎么通过AC上面配置ACL来下放到AP上面限制客户端的流量。
1、理解旁挂组网与直接or隧道转发的方式如果在隧道方式下的话,那么业务流量也会由CAPWAP隧道进行封装交给AC处理,再由AC来转发,而直接转发的话,则由AP本地交换了,不需要交给AC,这样可以减轻AC的负担,还可以配需华为的feature,在AC失效后,AP还能继续为客户端提供业务转发。
2、AP静态关联AC的方法【补充,之前都是以动态或者option43方式】在AP上面配置模式为静态,配置自己的IP地址与网关,最后指定AC的地址在哪,重启设备即可。
3、三层交换机配置dhcp enableinterface Vlanif100ip address10.1.100.1255.255.255.0dhcp select interfacedhcp server option43sub-option3ascii10.1.201.100这里配置了option43,指定AC的地址#interface Vlanif101ip address10.1.101.1255.255.255.0 dhcp select interfacedhcp server dns-list8.8.8.8#interface Vlanif102ip address10.1.102.1255.255.255.0 dhcp select interfacedhcp server dns-list8.8.8.8#interface Vlanif200ip address10.1.200.2255.255.255.0 #interface Vlanif800ip address10.1.201.1255.255.255.0 #interface MEth0/0/1#interface GigabitEthernet0/0/1port link-type accessport default vlan100#interface GigabitEthernet0/0/2port link-type accessport default vlan100#interface GigabitEthernet0/0/3port link-type accessport default vlan200#interface GigabitEthernet0/0/4port link-type trunkport trunk allow-pass vlan100to102200800说明:这里演示是以隧道方式组网演示的,所以交换机接AP的接口都为Access接口,如果是直接转发的话,那么必须为hybrid或者trunk,其中PVID必须等于AC的源地址的VLAN,也就是与AP建立CAPWAP隧道的VLAN,为管理VLAN,然后还需要放行业务VLAN,否则PC关联不上,DHCP获取不到地址。
华为AC6005配置实例
华为无线控制器AC6005 配置(直接转发)∙∙∙Switch的配置文件∙#∙sysname Switch∙#∙vlan batch 100 to 101∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100 to 101∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip address 10.23.101.2 255.255.255.0∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip address 10.23.100.1 255.255.255.0∙ dhcp select interface∙#∙interface Vlanif101∙ ip address 10.23.101.1 255.255.255.0∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return华为无线控制器AC6005 配置(隧道转发)∙Switch的配置文件∙#∙sysname Switch∙#∙vlan batch 100∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip address 10.23.101.2 255.255.255.0∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip address 10.23.100.1 255.255.255.0∙ dhcp select interface∙#∙interface Vlanif101∙ ip address 10.23.101.1 255.255.255.0∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ forward-mode tunnel∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return配置旁挂二层组网直接转发∙SwitchA的配置文件∙#∙sysname SwitchA∙#∙vlan batch 100 to 101∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100 to 101∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#return∙SwitchB的配置文件∙#∙sysname SwitchB∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif101∙ ip address 10.23.101.1 255.255.255.0∙ dhcp select interface∙ dhcp server gateway-list 10.23.101.2∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/3∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip address 10.23.101.2 255.255.255.0∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip address 10.23.100.1 255.255.255.0∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙capwap source interface vlanif100∙#∙wlan∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes ∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ rrm-profile name default∙ calibrate auto-channel-select disable∙ calibrate auto-txpower-select disable∙ ap-group name ap-group1∙ radio 0∙ vap-profile wlan-net wlan 1∙ radio 1∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ∙ ap-name area_1∙ ap-group ap-group1∙ radio 0∙ channel 20mhz 6∙ eirp 127∙ radio 1∙ channel 20mhz 149∙ eirp 127∙#return配置旁挂二层组网隧道转∙SwitchA的配置文件∙#∙sysname SwitchA∙#∙vlan batch 100∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk pvid vlan 100∙ port trunk allow-pass vlan 100∙ port-isolate enable group 1∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#return∙SwitchB的配置文件∙#∙sysname SwitchB∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif101∙ ip address 10.23.101.1 255.255.255.0 ∙ dhcp select interface∙ dhcp server gateway-list 10.23.101.2 ∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100∙#∙interface GigabitEthernet0/0/2∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101 ∙#∙interface GigabitEthernet0/0/3∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#return∙Router的配置文件∙#∙sysname Router∙#∙vlan batch 101∙#∙interface Vlanif101∙ ip address 10.23.101.2 255.255.255.0 ∙#∙interface GigabitEthernet1/0/0∙ port link-type trunk∙ port trunk allow-pass vlan 101∙#∙return∙AC的配置文件∙#∙ sysname AC∙#∙vlan batch 100 to 101∙#∙dhcp enable∙#∙interface Vlanif100∙ ip address 10.23.100.1 255.255.255.0∙ dhcp select interface∙#∙interface GigabitEthernet0/0/1∙ port link-type trunk∙ port trunk allow-pass vlan 100 to 101∙#∙capwap source interface vlanif100∙#∙wlan∙ calibrate enable schedule time 03:00:00∙ security-profile name wlan-net∙ security wpa-wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes∙ ssid-profile name wlan-net∙ ssid wlan-net∙ vap-profile name wlan-net∙ forward-mode tunnel∙ service-vlan vlan-id 101∙ ssid-profile wlan-net∙ security-profile wlan-net∙ regulatory-domain-profile name default∙ dca-channel 5g channel-set 149,153,157,161∙ air-scan-profile name wlan-airscan∙ scan-channel-set dca-channel∙ rrm-profile name wlan-rrm∙ radio-2g-profile name wlan-radio2g∙ rrm-profile wlan-rrm∙ air-scan-profile wlan-airscan∙ radio-5g-profile name wlan-radio5g∙ rrm-profile wlan-rrm∙ air-scan-profile wlan-airscan∙ ap-group name ap-group1∙ radio 0∙ radio-2g-profile wlan-radio2g∙ vap-profile wlan-net wlan 1∙ radio 1∙ radio-5g-profile wlan-radio5g∙ vap-profile wlan-net wlan 1∙ ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ∙ ap-name area_1∙ ap-group ap-group1∙#return。
ACL访问控制列表的配置-高级ACL的配置示例-华为
//拒绝PC1所在网段访问PC2
高级ACL的配置-在R1的接口上运用高级ACL
要求配置高级ACL,实现PC1所在网段不能访问PC2,但是PC1所在网段能够访问Server的www服务器,但不能访问f来自p服务。R1 G0/0/0
OSPF
G0/0/0 R2
12.1.1.1/24
12.1.1.2/24
G0/0/1 10.10.1.254/24
G0/0/1 10.10.2.254/24
G0/0/2 10.10.3.254/24
PC1 10.10.1.1/24
PC2 10.10.2.1/24
Server 10.10.3.1/24
[R1]interface G0/0/1
[R1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000 //在接口的in方向应用ACL
G0/0/1 10.10.2.254/24
G0/0/2 10.10.3.254/24
PC1 10.10.1.1/24
PC2 10.10.2.1/24
Server 10.10.3.1/24
[R2-acl-adv-3000]rule 10 deny tcp source 10.10.1.0 0.0.0.255
Server 10.10.3.1/24
[R2]acl 3000
//定义一个高级acl3000
[R2-acl-adv-3000] rule 5 permit tcp source 10.10.1.0 0.0.0.255
destination 10.10.3.1 0 destination-port eq www //允许PC1所在网段访问server的www服务器
华为ac旁挂配置 命令
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 0006-f4c6-0b40
ap-name ap0
ap-group ap
y
ap-id 1 ap-mac 0006-f4c6-0da0
ap-name ap1
ap-group ap
y
ap-id 2 ap-mac 0006-f4c6-0d00
ap-name ap5
ap-group ap
y
quit
display ap all
security-profile name wlan-security
security wpa2 psk pass-phrase 88888888 aes
y
quit
ssid-profile name ssid-5G
dhcp select global
quit
wlan
regulatory-domain-profile name abc
country-code cn
quit
ap-group name ap
regulatory-domain-profile abc
y
quit
quit
capwap source interface vlanif 200
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
interface GigabitEthernet0/0/5
port link-
port trunk allow-pass vlan 100 to 101
华为AC配置实例
华为无线控制器AC6005配置直接转发Switch的配置文件sysnameSwitchvlanbatch100to101interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100to101port-isolateenablegroup1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100to101returnRouter的配置文件sysnameRoutervlanbatch101interfaceVlanif101ipaddressinterfaceGigabitEthernet1/0/0portlink-typetrunkporttrunkallow-passvlan101returnAC的配置文件sysnameACvlanbatch100to101dhcpenableinterfaceVlanif100ipaddressdhcpselectinterfaceinterfaceVlanif101ipaddressdhcpselectinterfaceinterfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100to101interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan101capwapsourceinterfacevlanif100wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%m"tz0f>~7.`^6RWdzwCy16hJj/Mc,}s`XB}A%^%aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127return华为无线控制器AC6005配置隧道转发Switch的配置文件sysnameSwitchvlanbatch100interfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkpvidvlan100 porttrunkallow-passvlan100 port-isolateenablegroup1interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100returnRouter的配置文件sysnameRoutervlanbatch101interfaceVlanif101ipaddressinterfaceGigabitEthernet1/0/0 portlink-typetrunk porttrunkallow-passvlan101returnAC的配置文件sysnameACvlanbatch100to101 dhcpenableinterfaceVlanif100ipaddress dhcpselectinterfaceinterfaceVlanif101ipaddress dhcpselectinterfaceinterfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkallow-passvlan100interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan101capwapsourceinterfacevlanif100wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%m"tz0f>~7.`^6RWdzwCy16hJj/Mc,}s`XB}A%^%aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netforward-modetunnelservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127return配置旁挂二层组网直接转发SwitchA的配置文件sysnameSwitchAvlanbatch100to101interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100to101 port-isolateenablegroup1interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100to101returnSwitchB的配置文件sysnameSwitchBvlanbatch100to101dhcpenableinterfaceVlanif101ipaddressdhcpselectinterface dhcpservergateway-listinterfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkallow-passvlan100to101interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100interfaceGigabitEthernet0/0/3 portlink-typetrunk porttrunkallow-passvlan101returnRouter的配置文件sysnameRoutervlanbatch101interfaceVlanif101ipaddressinterfaceGigabitEthernet1/0/0 portlink-typetrunk porttrunkallow-passvlan101returnAC的配置文件sysnameACvlanbatch100to101dhcpenableinterfaceVlanif100ipaddressdhcpselectinterfaceinterfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100capwapsourceinterfacevlanif100wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%m"tz0f>~7.`^6RWdzwCy16hJj/Mc,}s`XB}A%^%aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127return配置旁挂二层组网隧道转SwitchA的配置文件sysnameSwitchAvlanbatch100interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100port-isolateenablegroup1interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100returnSwitchB的配置文件sysnameSwitchBvlanbatch100to101dhcpenableinterfaceVlanif101ipaddressdhcpselectinterfacedhcpservergateway-listinterfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100to101interfaceGigabitEthernet0/0/3portlink-typetrunkporttrunkallow-passvlan101returnRouter的配置文件sysnameRoutervlanbatch101interfaceVlanif101ipaddressinterfaceGigabitEthernet1/0/0portlink-typetrunkporttrunkallow-passvlan101returnAC的配置文件sysnameACvlanbatch100to101dhcpenableinterfaceVlanif100ipaddressdhcpselectinterfaceinterfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100to101capwapsourceinterfacevlanif100wlancalibrateenablescheduletime03:00:00security-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%m"tz0f>~7.`^6RWdzwCy16hJj/Mc,}s`XB}A%^%aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netforward-modetunnelservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultdca-channel5gchannel-set149,153,157,161air-scan-profilenamewlan-airscanscan-channel-setdca-channelrrm-profilenamewlan-rrmradio-2g-profilenamewlan-radio2grrm-profilewlan-rrmair-scan-profilewlan-airscanradio-5g-profilenamewlan-radio5grrm-profilewlan-rrmair-scan-profilewlan-airscanap-groupnameap-group1radio0radio-2g-profilewlan-radio2gvap-profilewlan-netwlan1radio1radio-5g-profilewlan-radio5gvap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-sn ap-namearea_1ap-groupap-group1return。
华为策略路由配置实例
华为策略路由配置实例1、组网需求图1 策略路由组网示例图如上图1所示,公司用户通过Switch双归属到外部网络设备。
其中,一条是低速链路,网关为10.1.20.1/24;另外一条是高速链路,网关为10.1.30.1/24。
公司希望上送外部网络的报文中,IP优先级为4、5、6、7的报文通过高速链路传输,而IP优先级为0、1、2、3的报文则通过低速链路传输。
2、配置思路1、创建VLAN并配置各接口,实现公司和外部网络设备互连。
2、配置ACL规则,分别匹配IP优先级4、5、6、7,以及IP优先级0、1、2、3。
3、配置流分类,匹配规则为上述ACL规则,使设备可以对报文进行区分。
4、配置流行为,使满足不同规则的报文分别被重定向到10.1.20.1/24和10.1.30.1/24。
5、配置流策略,绑定上述流分类和流行为,并应用到接口GE2/0/1的入方向上,实现策略路由。
3、操作步骤3.1、创建VLAN并配置各接口# 在Switch上创建VLAN100和VLAN200。
<HUAWEI> system-view[HUAWEI] sysname Switch[Switch] vlan batch 100 200# 配置Switch上接口GE1/0/1、GE1/0/2和GE2/0/1的接口类型为Trunk,并加入VLAN100和VLAN200。
[Switch] interface gigabitethernet 1/0/1[Switch-GigabitEthernet1/0/1] port link-type trunk[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200 [Switch-GigabitEthernet1/0/1] quit[Switch] interface gigabitethernet 1/0/2[Switch-GigabitEthernet1/0/2] port link-type trunk[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200 [Switch-GigabitEthernet1/0/2] quit[Switch] interface gigabitethernet 2/0/1[Switch-GigabitEthernet2/0/1] port link-type trunk[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 200 [Switch-GigabitEthernet2/0/1] quit配置LSW与Switch对接的接口为Trunk类型接口,并加入VLAN100和VLAN200。
华为无线——旁挂式二层组网,数据业务直接转发
学号:姓名实验日期:年月日实验地点:机房成绩教师签字实验一旁挂式二层组网,数据业务直接转发一、实验要求: 必做二、实验类型:验证三、实验学时:2四、实验地点与环境:H3C实验室,瘦AP ,AC,二层交换机五、实验需求:1、AP通过自动认证的方式在AC上进行认证2、创建两个SSID,分别为huawei-1(不加密)信道为6和huawei-2(加密:密码123456789)信道为113、开启终端用户隔离六、实验内容1、网络的组网图如下:FIT-AP通过二层网络注册到AC组网图本次实验中管理vlan为100用于AP和AC之间的通信,业务vlan为101和102,业务vlan是接入终端使用的vlan。
一个ssid实际上可以理解为一个wlan-ess接口,且和一个业务vlan关联。
一个AP允许广播出多个ssid。
1、配置接入交换机vlan batch 100 to 102#vlan 100 为管理vlan用于为ap和ac之间的通信#Vlan101和vlan102为业务vlan用于移动终端的通信interface Ethernet0/0/1port link-type trunkport trunk pvid vlan 100# 因为ap与ac通过vlan100进行通信,而通过ap自身发出的数据是一个不打标签的数据帧,所以接入交换机需要为ap自身发出的数据打上vlan100的标签这样ap与ac才能建立通信。
#接入交换机该端口收到的数据不仅有ap自身发出的数据,还有终端向wlan-ess接口发送的数据,wlan-ess接口会将接口收到的数据打上业务vlan的标签,然后由ap进行转发。
因为接入交换机的该接口会收到不同vlan 的数据,所以接口的类型需要配置成trunk。
port trunk allow-pass vlan 100 to 102#华为交换机的接口类型为trunk,需要指定允许哪些vlan通过,不指点则所以vlan都不允许通过。
华为ac6508认证方法
华为ac6508认证方法华为AC6508是一种高性能、可靠的无线接入控制设备,用于企业无线网络管理和控制。
要使AC6508能够正常运行,首先需要进行认证配置。
本文将介绍华为AC6508的认证方法,并提供详细步骤。
认证方法分为多种类型,包括本地认证、外部认证、广域网认证和管理认证。
不同的认证方法适用于不同场景和需求。
接下来将分别介绍这些认证方法的配置步骤。
1.本地认证配置本地认证是指使用AC6508自身的认证服务器进行认证。
以下是配置步骤:1.1登陆AC6508设备,进入系统视图。
1.2 进入认证模式,执行"aaa"命令。
1.3 配置本地认证服务器,执行"authentication-scheme scheme-name"命令,并配置认证方式、超时时间等参数。
1.4 配置本地用户,执行"local-user username"命令,并设置用户名、密码、用户级别等信息。
1.5 配置无线网络认证模板,执行"dot1x-profile profile-name"命令,并配置认证服务器、认证方式等参数。
1.6 将无线网络认证模板应用到无线接口,执行"wlan wlan-id"命令,并配置认证模板。
2.外部认证配置外部认证是指使用外部服务器进行认证,如Radius服务器。
以下是配置步骤:2.1登陆AC6508设备,进入系统视图。
2.2 进入认证模式,执行"aaa"命令。
2.3 配置外部认证服务器,执行"radius-server templatetemplate-name"命令,并配置服务器地址、端口、共享密钥等参数。
2.4 配置无线网络认证模板,执行"dot1x-profile profile-name"命令,并配置认证服务器、认证方式等参数。
2.5 将无线网络认证模板应用到无线接口,执行"wlan wlan-id"命令,并配置认证模板。
华为AC+AP无线配置方法
华为A C+A P无线配置方法-CAL-FENGHAI.-(YICAI)-Company One1华为AC+AP无线配置方法1)正确配置AC使AP发放SSID:“SSID-Temp1”、“SSID-Temp2”和“SSID-Temp3”,且对应业务vlan为:vlan-101,vlan-102,vlan-103;?配置Switch?[Switch]vlanbatch100101102103[Switch]interfaceGigabitEthernet0/0/1[Switch-GigabitEthernet0/0/1]descriptionLink-to-AP[Switch-GigabitEthernet0/0/1]portlink-typetrunk[Switch-GigabitEthernet0/0/1]porttrunkpvidvlan100[Switch-GigabitEthernet0/0/1]porttrunkallow-passvlan100101102103 [Switch-GigabitEthernet0/0/1]quit??[Switch]interfaceGigabitEthernet0/0/2[Switch-GigabitEthernet0/0/2]descriptionLink-to-AC[Switch-GigabitEthernet0/0/2]portlink-typetrunk[Switch-GigabitEthernet0/0/2]porttrunkallow-passvlan100101102103 [Switch-GigabitEthernet0/0/2]quit??配置AC?1.配置接口和VLAN信息,AC为DHCP?Server,为AP和client分配地址?[AC]vlanbatch100101102103[AC]interfaceGigabitEthernet0/0/1[AC-GigabitEthernet0/0/1]descriptionLink-to-SW[AC-GigabitEthernet0/0/1]portlink-typetrunk[AC-GigabitEthernet0/0/1]porttrunkallow-passvlan100101102103[AC-GigabitEthernet0/0/1]quit??[AC]dhcpenable?[AC]interfacevlanif100[AC-Vlanif100]descriptionfor-ap[AC-Vlanif100]ipaddress24[AC-Vlanif100]dhcpselectinterface[AC-Vlanif100]quit??[AC]interfacevlanif101[AC-Vlanif101]descriptionfor-STA[AC-Vlanif101]ipaddress24[AC-Vlanif101]dhcpselectinterface [ACVlanif101]quit??[AC]interfacevlanif102[AC-Vlanif102]descriptionfor-STA[AC-Vlanif102]ipaddress24[AC-Vlanif102]dhcpselectinterface [ACVlanif102]quit??[AC]interfacevlanif103[AC-Vlanif103]descriptionfor-STA[AC-Vlanif103]ipaddress24[AC-Vlanif103]dhcpselectinterface [ACVlanif103]quit??2.配置AC?WLAN基础配置?AC]wlanac-globalacid1carrieridother[AC]wlanac-globalcountry-codeCN[AC]wlan?[AC-wlan-view]wlanacsourceinterfaceVlanif100 [AC-wlan-view]ap-auth-modeno-auth?3.配置ACWLAN业务参数#创建wlan-ess接口?[AC]interfaceWlan-Ess0[AC-Wlan-Ess0]porthybridpvidvlan101[AC-Wlan-Ess0]porthybriduntaggedvlan101 [AC-Wlan-Ess0]quit??[AC]interfaceWlan-Ess1[AC-Wlan-Ess1]porthybridpvidvlan102[AC-Wlan-Ess1]porthybriduntaggedvlan102 [AC-Wlan-Ess1]quit?[AC]interfaceWlan-Ess2[AC-Wlan-Ess2]porthybridpvidvlan103[AC-Wlan-Ess2]porthybriduntaggedvlan103 [AC-Wlan-Ess2]quit??#创建WMM模板,采用默认参数?[AC-wlan-view]wmm-profilenamewmm-profile-0[AC-wlan-wmm-prof-wmm-profile-0]quit?#创建安全模板,采用默认参数?[AC-wlan-view]security-profilenamesecurity-profile-0[AC-wlan-sec-prof-security-profile-0]quit??#创建流量模板,采用默认参数?[AC-wlan-view]traffic-profilenametraffic-profile-0[AC-wlan-traffic-prof-traffic-profile-0]quit??#创建服务集并绑定WLAN-ESS接口、安全模板和流量模板?[AC-wlan-view]service-setnameservice-set-0[AC-wlan-service-set-service-set-0]ssidSSID-Temp1[AC-wlan-service-set-service-set-0]wlan-ess0[AC-wlan-service-set-service-set-0]service-vlan101[AC-wlan-service-set-service-set-0]security-profilenamesecurity-profile-0 [AC-wlan-service-set-service-set-0]traffic-profilenametraffic-profile-0?[AC-wlan-view]service-setnameservice-set-1[AC-wlan-service-set-service-set-1]ssidSSID-Temp2[AC-wlan-service-set-service-set-1]wlan-ess1[AC-wlan-service-set-service-set-1]service-vlan102[AC-wlan-service-set-service-set-1]security-profilenamesecurity-profile-0 [AC-wlan-service-set-service-set-1]traffic-profilenametraffic-profile-0?[AC-wlan-view]service-setnameservice-set-2[AC-wlan-service-set-service-set-2]ssidSSID-Temp3[AC-wlan-service-set-service-set-2]wlan-ess2[AC-wlan-service-set-service-set-2]service-vlan102[AC-wlan-service-set-service-set-2]security-profilenamesecurity-profile-0 [AC-wlan-service-set-service-set-2]traffic-profilenametraffic-profile-0#创建射频模板,并绑定WMM模板?[AC-wlan-view]radio-profilenameradio-profile-0[AC-wlan-radio-prof-radio-profile-0]wmm-profilenamewmm-profile-0 [AC-wlan-radio-prof-radio-profile-0]quit查看ap上线情况Show arp all。
华为无线笔记
一、二层AP组网1.拓扑2.实验配置AC基础配置,主要配置管理vlan的IP地址,及DHCP服务,因为这里是二层组网,所以不需要配置Option43,(关于option解释《H3CWLAN》p85)Dhcp enableInterface vlanif 1Ip address 192.168.0.1 24Dhcp select interface 使能采用基于接口的DHCP server功能WlanWlan ac source interface vlanif 1 配置AC与AP建立CAPWAP隧道的源接口3.各种查看dis ip pool interface Vlanif1 查看接口DHCP,已经分配出三个地址Dis ap all 默认华为使用MAC地址对AP的上线做认证,如果这里看不到,那么dis arp all可以看到AP的MAC地址dis unauthorized-ap record 查看未通过认证的AP通过命令确认AP上线,见证奇迹的时候WLANAp-confirm all 用来确认认证未通过的AP4.补充如果已经知道AP的MAC地址和型号(SN号是可选的),也可以通过以下命令AP上线wlanwlan ac source interface vlanif1ap id 0 type-id 19 mac 00e0-fc49-2850 sn 210235448310BB367513ap id 1 type-id 19 mac 00e0-fc8a-3ce0 sn 2102354483106515A47Cap id 2 type-id 19 mac 00e0-fc09-1660 sn 210235448310E1467E2F重启一下AP,抓取CAPWAP交互报文[AC6605-wlan-view]ap-reset id 1Warning: Reset AP! Continue? [Y/N]yInfo: Reset AP completely.二、三层组播AP上线1.拓扑2.相关配置ACinterface GigabitEthernet0/0/5port link-type trunkport trunk allow-pass vlan 10 20 30ip route-static 0.0.0.0 0.0.0.0 192.168.30.1====================================SW1interface Vlanif10ip address 192.168.10.1 255.255.255.0interface Vlanif20ip address 192.168.20.1 255.255.255.0interface Vlanif30ip address 192.168.30.1 255.255.255.0interface GigabitEthernet0/0/1port link-type accessport default vlan 10stp edged-port enableinterface GigabitEthernet0/0/2port link-type accessport default vlan 10stp edged-port enableinterface GigabitEthernet0/0/3port link-type accessport default vlan 20stp edged-port enableinterface GigabitEthernet0/0/4port link-type accessport default vlan 20stp edged-port enableinterface GigabitEthernet0/0/5port link-type trunkport trunk allow-pass vlan 10 20 30配置AP上线wlanwlan ac source interface vlanif30ap-auth-mode no-auth配置交换机的DHCP选项interface Vlanif10ip address 192.168.10.1 255.255.255.0dhcp select interfacedhcp server option 43 sub-option 3 ascii 192.168.30.2#interface Vlanif20ip address 192.168.20.1 255.255.255.0dhcp select interfacedhcp server option 43 sub-option 3 ascii 192.168.30.2配置设备为AP指定AC的IP地址如果AP无法正常上线需手工配置ap id 0 type-id 19 mac 00e0-fc49-2850 sn 210235448310BB367513ap id 1 type-id 19 mac 00e0-fc8a-3ce0 sn 2102354483106515A47Cap id 2 type-id 19 mac 00e0-fc09-1660 sn 210235448310E1467E2Fap id 3 type-id 19 mac 00e0-fcd1-4090 sn 210235448310C80E810B三、AC+AP步骤详解1.基本配置AP上线vlan batch 100 to 103 200 分别创建管理vlan,业务vlan#dhcp enable 开启全局DHCP#interface Vlanif100ip address 10.1.100.1 255.255.255.0 AC连接AP的管理vlan,AP通过其获取IPdhcp select interface#interface Vlanif101ip address 10.1.101.1 255.255.255.0 业务vlan101dhcp select interfacedhcp server dns-list 8.8.8.8#interface Vlanif102ip address 10.1.102.1 255.255.255.0 业务vlan102dhcp select interfacedhcp server dns-list 8.8.8.8#interface Vlanif103ip address 10.1.103.1 255.255.255.0 Guestvlan103dhcp select interfacedhcp server dns-list 8.8.8.8#interface GigabitEthernet0/0/1 上行接口port link-type accessport default vlan 200#interface GigabitEthernet0/0/2 业务接口连接AP,Pvid必须为管理vlan,否则AP获取不到地址port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 100 to 103#wlanwlan ac source interface vlanif100ap-auth-mode sn-authap id 0 type-id 19 sn 2102354483101D0E1137说明:定义了AC 的源地址为VLAN 100,该地址是与AP 进行建立CAPWAP 隧道的,启用了AP认证功能,使用序列号,然后在AP 定义了一个ID 为0,然后AP 类型为19,序列号为那个。
华为交换机配置实例
rule 80 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.24.0 0.0.0.255
rule 60 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.19.0 0.0.0.255
rule 65 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.21.0 0.0.0.255
rule 55 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
rule 60 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.19.0 0.0.0.255
rule 25 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.7.0 0.0.0.255
rule 30 deny ip source 192.168.8.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
of current VTY users on line is 1.
The current login time is 2008-11-02 09:18:17-05:13.
<HUAWEI>dis th
华为交换机各种配置实例
华为交换机各种配置实例交换机配置(⼀)端⼝限速基本配置交换机配置(⼆)端⼝绑定基本配置交换机配置(三)ACL基本配置防⽌同⽹段ARP欺骗的ACL交换机配置(四)密码恢复交换机配置(五)三层交换配置交换机配置(六)端⼝镜像配置交换机配置(七)DHCP配置交换机配置(⼋)配置⽂件管理交换机配置(九)远程管理配置交换机配置(⼗)STP配置交换机配置(⼗⼀)私有VLAN配置交换机配置(⼗⼆)端⼝trunk、hybrid应⽤配置华为3Com 2000_EI、S2000-SI、S3000-SI、S3026E、S3526E、S3528、S3552、S3900、S3050、S5012、S5024、S5600系列:华为交换机端⼝限速2000_EI系列以上的交换机都可以限速!限速不同的交换机限速的⽅式不⼀样!2000_EI直接在端⼝视图下⾯输⼊LINE-RATE (4 )参数可选!端⼝限速配置1功能需求及组⽹说明端⼝限速配置『配置环境参数』1. PC1和PC2的IP地址分别为10.10.1.1/24、10.10.1.2/24『组⽹需求』1. 在SwitchA上配置端⼝限速,将PC1的下载速率限制在3Mbps,同时将PC1的上传速率限制在1Mbps2数据配置步骤『S2000EI系列交换机端⼝限速配置流程』使⽤以太⽹物理端⼝下⾯的line-rate命令,来对该端⼝的出、⼊报⽂进⾏流量限速。
【SwitchA相关配置】1. 进⼊端⼝E0/1的配置视图[SwitchA]interface Ethernet 0/12. 对端⼝E0/1的出⽅向报⽂进⾏流量限速,限制到3Mbps[SwitchA- Ethernet0/1]line-rate outbound 303. 对端⼝E0/1的⼊⽅向报⽂进⾏流量限速,限制到1Mbps[SwitchA- Ethernet0/1]line-rate inbound 16【补充说明】报⽂速率限制级别取值为1~127。
华为AC开局数据配置规范
华为AC开局配置规范目录WS6603开局数据配置规范---------------------------------------------------------------------2 S9300 option43 数据配置规范-----------------------------------------------------------------4 MXU下挂的交换机配置要求------------------------------------------------------------------4 各地市ACID规划---------------------------------------------------------------------------------------5WS6603开局数据配置规范1热备的主备两台AC ID配置要求相同,按照后面的统一规划配置,不要随意配置。
2在热点数据配置前,APID 要按楼层、房间预先规划好,严禁自动上线,自动抢占。
3Radio射频模板中的信道、功率模式要为固定模式,AP信道功率必须提前规划固定好,不能使用默认自动状态,否则会频繁出现网络震荡,上网掉线。
4AP在AC上的认证模式要为MAC认证模式。
AC上默认为不认证,必须修改,否则AP自动上线,乱占APID,没有规律,给后期处理故障带来极大不便。
5AC热备配置:wlan ac protect enable protect-ac 2.2.2.11 priority 1wlan ac protect enable protect-ac 2.2.2.10 priority 7主备AC的优先级值越小优先级越高,优先级值相同时IP地址小的为主AC,默认优先级值为0。
建议主用配置为1,备用配置为7。
命令中优先级指本地AC优先级。
6AC上SNMP团体字配置:snmp-agent community read Sd@Wlan!snmp-agent target-host trap-hostname Sd@Wlan! address 211.137.179.37 udp-port 162 trap-paramsname Sd@Wlan!snmp-agent target-host trap-paramsname Sd@Wlan! v2C securityname Sd@Wlan!snmp-agent trap enable standard7AC/AP版本要求:2011年4月AC/AP版本要求:AP:V100R003C01SPC100AC:V100R003C01SPC100未带业务的AC尽快完成升级,AP通过AC-MODE、FTP-MODE均可,已经上线的需要提交客户申请,客户同意后,实施升级,该版本解决AP吊死问题。
华为S2700-26TP-SI(AC)
华为S2700交换机设置1.用交换机自带数据线。
COM连接电脑,网口连接交换机comsole口.2.运行软件选择serial。
波特率:9600奇偶校验:无奇偶停止位:1去掉RTS/CTS的勾选项3.建立连接。
回车4.输入密码:huawei123回车5.再次输入密码:huawei123回车6. 输入SYS回车7.观察网络格式,输入:dis stp回车8. 更改网络格式为rstp。
输入:stp mode rstp回车9. 输入:dis stp回车10.保存设置,输入:save回车11.重启。
输入:reboot回车华为st2700-26tp-si-ac 以太网交换器配置介绍<Quidway>系统查看模式<Quidway>sys 进入系统配置模式[Quidway]1.更改设备名称[Quidway]sysname bzyzbq-1 (设备名称《Quidway》更改bzyzbq-1[bzyzbq-1]设备名称已经更改为bzyzbq-12.现在设置用户名和密码[bzyzbq-1]aaa[bzyzbq-1-aaa]local-user bzyzschool password simple bz1zbqmanager (建立用户名:bzyzschool ,密码:bz1zbqmanager)3.建立用户权力[bzyzbq-1-aaa]local-user bzyzschool privilege level 15 (用户名:bzyzschool)4.给用户服务类型[bzyzbq-1-aaa]local-user bzyzschool service-type telnet web (用户名:bzyzschool)5.密码显示[bzyzbq-1-aaa]local-user bzyzschool password simple bz1zbqmanager(密码显示)6.开虚拟终端[bzyzbq-1-aaa]quit (先退去认真模式)[bzyzbq-1]user-interface vty 0 4 (开虚拟终端)[bzyzbq-1-ui-vty0-4]quit (退去)[bzyzbq-1]7.认真模式[bzyzbq-1-ui-vty0-4]authentication-mode aaa8.建立管理VLAN 0 的名称[bzyzbq-1][bzyzbq-1]interface vlan 1[bzyzbq-1-Vlanif1]description manager (已经建立管理VLAN 1 的名称manager) 9.建立管理IP 地址[bzyzbq-1-Vlanif1]ip address 10.1.0.124 255.255.255.010.开通道端口先打开第一通道[bzyzbq-1]interface GigabitEthernet 0/0/1 (进入通道端口)[bzyzbq-1-GigabitEthernet0/0/1]port link-type trunk (trunk是开通)[bzyzbq-1-GigabitEthernet0/0/1]port trunk allow vlan all (开通全部VLAN )然后开第二个通道[bzyzbq-1]interface GigabitEthernet 0/0/2 (进入通道端口)[bzyzbq-1-GigabitEthernet0/0/2]port link-type trunk (trunk是开通)[bzyzbq-1-GigabitEthernet0/0/2]port trunk allow vlan all (开通全部VLAN ) 11.建立VLAN[bzyzbq-1]vlan 123 (123是VLAN ID号)[bzyzbq-1-vlan123](进入VLAN 123)12.给vlan 123 的名称[bzyzbq-1-vlan123]description arman (VLAN 123的名称是arman)13.其它vlan也是一样11 与12一样建立14.进入VLAN[bzyzbq-1]interface vlan 123[bzyzbq-1-Vlanif123]q14.设置24个端口开第一端口开[bzyzbq-1]interface Ethernet 0/0/1 (进入端口一)[bzyzbq-1-Ethernet0/0/1]port link-type access第二端口开[bzyzbq-1]interface Ethernet 0/0/2 (进入端口二)[bzyzbq-1-Ethernet0/0/2]port link-type access弟三........第24端口开方法是第一和第二端口一样15.每个端口给VLAN[bzyzbq-1]interface Ethernet 0/0/1 (先进普通端口)[bzyzbq-1-Ethernet0/0/1]port default vlan 123(第一端口绑定VLAN 123)16.如果再需要建立VLAN 然后绑定先建立VLAN 例如建立vlan 130([bzyzbq-1]VLAN 130 然后进入[bzyzbq-1-Vlan 130]如果退去请按q 然后退去[bzyzbq-1]然后给命令interface vlan 130也进入[bzyzbq-1-Vlanif130]17.再普通端口绑定VLAN ID 号第15条一样建立18.如果删除VLAN ID 号[bzyzbq-1]undo interface vlan id (就好了)19.保存当前的配置<bzyzbq-1>save然后问您选:Y/N 我们选y 然后回车20.重启交换器<bzyzbq-1>reboot然后问您选:Y/N 我们选y 然后回车21.出厂恢复<bzyzbq-1>reset saved然后选择Y,然后重启命令<bzyzbq-1>reboot然后选择N,然后选择Y,就行全部恢复出厂设置OK22.如果第一交换器连接以太网,第二个交换器连接第一个交换器设置如下:第一交换器的第一通道端口连接以太网,第二个交换器的第一个通道端口连接第一个交换器的第二个通道是:第一交换器包括第二个交换器的全部VLAN id号和第一个交换器的的全部VLAN id 号23.智能路由交换机7706查看命令:dis curr 查看所有dis vlan dis interface 查看端口智能交换机S2700 26TP dis save 查看保存dis th 查看当前计算机MAC地址查询方法:进入MS-DOS或者使用运行输入CMD。
华为AC6005内置portal服务 配置指南
AC6005内置portal服务器配置设备配置网络配置,vlanif 88 管理AP Vlanif 100 为业务vlan 为终端分配地址开启DHCP[AC6005]dhcp enableInfo: The operation may take a few seconds. Please wait for a moment.done.创建VLAN 88 和100[AC6005]vlan batch 88 100Info: This operation may take a few seconds. Please wait for a moment...done.配置与上行设备通信接口的地址[AC6005]int Vlanif 1[AC6005-Vlanif1]ip address 192.168.1.254 255.255.255.0[AC6005-Vlanif1]dhcp select interface[AC6005-Vlanif1]dhcp server dns-list 61.153.177.196配置VLAN 88和100的网关[AC6005]int vlan 88[AC6005-Vlanif88]ip address 192.168.88.1 255.255.255.0[AC6005-Vlanif88]dhcp select interface[AC6005]int vlan 100[AC6005-Vlanif100]ip address 192.168.100.1 255.255.255.0[AC6005-Vlanif100]dhcp select interface[AC6005-Vlanif100]dhcp server dns-list 61.153.177.196配置AC与AP相连的端口[AC6005]int g0/0/8[AC6005-GigabitEthernet0/0/8]port link-type trunk[AC6005-GigabitEthernet0/0/8]port trunk pvid vlan 88[AC6005-GigabitEthernet0/0/8]undo port trunk allow-pass vlan 1[AC6005-GigabitEthernet0/0/8]port trunk allow-pass vlan 88 100[AC6005]int g0/0/7[AC6005-GigabitEthernet0/0/7]port link-type a[AC6005-GigabitEthernet0/0/7]port link-type access[AC6005-GigabitEthernet0/0/7]port default vlan 100[AC6005]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1创建登录用户[AC6005]aaa[AC6005-aaa]local-user huawei password cipher huawei123Info: Add a new user.创建登录用户最大连接数[AC6005-aaa]local-user huawei access-limit 5开启portal的web访问认证功,配置内置portal 的SSL策略和端口号(443已经被web端口启用,不可用)[AC6005]portal local-server ip 192.168.100.1[AC6005]portal local-server https ssl-policy default_policy port 2000Info: Load web file successfully.配置免认证规则[AC6005]portal free-rule 0 destination ip 61.153.177.196 mask 255.255.255.255Info: This free rule configured successfully, only <0-63> can be commit to AP.配置wlan-ess接口,在接口调用内置portal与允许的认证域[AC6005]interface Wlan-Ess 1[AC6005-Wlan-Ess1]port hybrid pvid vlan 100[AC6005-Wlan-Ess1]port hybrid untagged vlan 100[AC6005-Wlan-Ess1]portal local-server enable[AC6005-Wlan-Ess1]permit-domain name default配置AC与AP之间的隧道通信[AC6005]wlan[AC6005-wlan-view]wlan ac source interface Vlanif 88配置AP的认证方式为免认证[AC6005-wlan-view]ap-auth-mode no-auth查看AP[AC6005-wlan-view]dis ap allAll AP information(Normal-1,UnNormal-0):------------------------------------------------------------------------------AP AP AP Profile AP AP/RegionID Type MAC ID State Sysname------------------------------------------------------------------------------0 AP6310SN-GN 4862-7602-35d0 0/0 normal ap-0------------------------------------------------------------------------------Total number: 1配置名为wmm1的wmm模板,参数采用默认[AC6005-wlan-view]wmm-profile name wmm1 id 1配置名为radio1的radio模板,参数采用默认,调用wmm模板[AC6005-wlan-view]radio-profile name radio1 id 1、[AC6005-wlan-radio-prof-radio1]wmm-profile id 1配置名为traffic1 的traffic模板,参数采用默认[AC6005-wlan-view]traffic-profile name traffic1 id 1配置名为security1的安全模板,认证方式为WEP认证,开放认证,不加密[AC6005-wlan-view]security-profile name scurity1 id 1创建名为service的服务集,并绑定流量模板和安全模板,wlan-ess 接口[AC6005-wlan-view]service-set name service1 id 1[AC6005-wlan-service-set-service1]wlan-ess 1[AC6005-wlan-service-set-service1]ssid [AC6005-wlan-service-set-service1]traffic-profile id 1[AC6005-wlan-service-set-service1]security-profile id 1[AC6005-wlan-service-set-service1]service-vlan 100Info: This action may cause service interruption if you don't execute commit command.配置AP对应的VAP,下发Wlan服务,[AC6005-wlan-view]ap 0 radio 0[AC6005-wlan-radio-0/0]radio-profile id 1Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]:y[AC6005-wlan-radio-0/0]service-set id 1 wlan 1下发AP的WLAN配置[AC6005-wlan-view]commit allWarning: Committing configuration may cause service interruption,continue?[Y/N]y搜索SSID 测试成功。
HUAWEI华为路由器配置实例
给你一个实例参考:公司内部服务器通过地址转换后访问Internet组网需求一个公司通过Quidway系列路由器的地址转换后连接到广域网。
要求该公司能够通过Quidway系列路由器的串口S0访问Internet,公司内部对外提供WWW、FTP和SMTP服务,而且提供两台WWW服务器。
公司内部网址为10.110.0.0/16。
公司有202.38.160.101~202.38.160.103三个合法的公网IP地址。
内部FTP服务器地址为10.110.10.1,使用202.38.160.101的公网地址,内部WWW服务器1地址为10.110.10.2;内部WWW服务器2的地址为10.110.10.3,采用8080端口,两台WWW服务器都使用202.38.160.102的公网地址。
内部SMTP服务器地址为10.110.10.4,并希望可对外提供统一的服务器的IP地址,使用202.38.160.103的公网地址。
公网地址内部10.110.10.0/24网段的PC机可访问Internet,其它网段的PC机则不能访问Internet。
外部PC机可以访问内部的服务器。
配置步骤!配置地址池和地址列表Quidway(config)# nat pool 202.38.160.101 202.38.160.103 pool1Quidway(config)# access-list 1 permit 10.110.10.0 0.0.0.255Quidway(config)# access-list 1 deny any!允许10.110.10.0/24的网段进行地址转换Quidway(config-if-Serial0)# nat inside 1 pool pool1!设置内部FTP服务器Quidway(config-if-Serial0)# nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp!设置内部WWW服务器1Quidway(config-if-Serial0)# nat server global 202.38.160.102 inside 10.110.10.2 www tcp!设置内部WWW服务器2Quidway(config-if-Serial0)# nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp!设置内部SMTP服务器Quidway(config-if-Serial0)# nat server global 202.38.160.103 inside 10.110.10.4 smtp udpjimmy_7 [2004-6-9 22:40:00]楼上的,这是华为配置手册里介绍的内容啊!我现在是这样一个情况,lan0接网通进线,lan1接内部交换机。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
华为无线控制器AC6005配置(直接转发)Switch的配置文件#sysnameSwitch#vlanbatch100to101#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100to101port-isolateenablegroup1#interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100to101#returnRouter的配置文件#sysnameRouter#vlanbatch101#interfaceVlanif101ipaddress#interfaceGigabitEthernet1/0/0portlink-typetrunkporttrunkallow-passvlan101#returnAC的配置文件#sysnameAC#vlanbatch100to101#dhcpenable#interfaceVlanif100ipaddressdhcpselectinterface#interfaceVlanif101ipaddressdhcpselectinterface#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100to101#interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan101#capwapsourceinterfacevlanif100#wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%#aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127#return华为无线控制器AC6005配置(隧道转发)Switch的配置文件#sysnameSwitchvlanbatch100#interfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkpvidvlan100 porttrunkallow-passvlan100 port-isolateenablegroup1#interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100#returnRouter的配置文件#sysnameRouter#vlanbatch101#interfaceVlanif101ipaddress#interfaceGigabitEthernet1/0/0 portlink-typetrunk porttrunkallow-passvlan101#returnAC的配置文件#sysnameAC#vlanbatch100to101#dhcpenable#interfaceVlanif100ipaddress dhcpselectinterface#interfaceVlanif101ipaddress dhcpselectinterface#interfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkallow-passvlan100interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan101#capwapsourceinterfacevlanif100#wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%#aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netforward-modetunnelservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127#return配置旁挂二层组网直接转发SwitchA的配置文件#sysnameSwitchA#vlanbatch100to101#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100to101 port-isolateenablegroup1#interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100to101 #returnSwitchB的配置文件#sysnameSwitchB#vlanbatch100to101#dhcpenable#interfaceVlanif101ipaddressdhcpselectinterface dhcpservergateway-list#interfaceGigabitEthernet0/0/1 portlink-typetrunk porttrunkallow-passvlan100to101 #interfaceGigabitEthernet0/0/2 portlink-typetrunk porttrunkallow-passvlan100#interfaceGigabitEthernet0/0/3 portlink-typetrunk porttrunkallow-passvlan101#returnRouter的配置文件#sysnameRouter#vlanbatch101#interfaceVlanif101ipaddress#interfaceGigabitEthernet1/0/0 portlink-typetrunk porttrunkallow-passvlan101#returnAC的配置文件#sysnameAC#vlanbatch100to101#dhcpenable#interfaceVlanif100ipaddressdhcpselectinterface#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100#capwapsourceinterfacevlanif100#wlansecurity-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%#aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultrrm-profilenamedefaultcalibrateauto-channel-selectdisablecalibrateauto-txpower-selectdisableap-groupnameap-group1radio0vap-profilewlan-netwlan1radio1vap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-snap-namearea_1ap-groupap-group1radio0channel20mhz6eirp127radio1channel20mhz149eirp127#return配置旁挂二层组网隧道转SwitchA的配置文件#sysnameSwitchA#vlanbatch100#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkpvidvlan100porttrunkallow-passvlan100port-isolateenablegroup1#interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100#returnSwitchB的配置文件#sysnameSwitchB#vlanbatch100to101#dhcpenable#interfaceVlanif101ipaddressdhcpselectinterfacedhcpservergateway-list#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100#interfaceGigabitEthernet0/0/2portlink-typetrunkporttrunkallow-passvlan100to101#interfaceGigabitEthernet0/0/3portlink-typetrunkporttrunkallow-passvlan101#returnRouter的配置文件#sysnameRouter#vlanbatch101#interfaceVlanif101ipaddress#interfaceGigabitEthernet1/0/0portlink-typetrunkporttrunkallow-passvlan101#returnAC的配置文件#sysnameAC#vlanbatch100to101#dhcpenable#interfaceVlanif100ipaddressdhcpselectinterface#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan100to101#capwapsourceinterfacevlanif100#wlancalibrateenablescheduletime03:00:00security-profilenamewlan-netsecuritywpa-wpa2pskpass-phrase%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%#aes ssid-profilenamewlan-netssidwlan-netvap-profilenamewlan-netforward-modetunnelservice-vlanvlan-id101ssid-profilewlan-netsecurity-profilewlan-netregulatory-domain-profilenamedefaultdca-channel5gchannel-set149,153,157,161air-scan-profilenamewlan-airscanscan-channel-setdca-channelrrm-profilenamewlan-rrmradio-2g-profilenamewlan-radio2grrm-profilewlan-rrmair-scan-profilewlan-airscanradio-5g-profilenamewlan-radio5grrm-profilewlan-rrmair-scan-profilewlan-airscanap-groupnameap-group1radio0radio-2g-profilewlan-radio2gvap-profilewlan-netwlan1radio1radio-5g-profilewlan-radio5gvap-profilewlan-netwlan1ap-id0type-id35ap-mac60de-4476-e360ap-sn ap-namearea_1ap-groupap-group1#return。