xhm-test

    Technology  2023-07-04  65

     

    URL

    iMC

    https://172.20.65.146:8080/imc

    Sangfor AC

    https://172.20.154.1

    Sangfor firewall

    https://172.20.154.6

    Device name    Management address    Account    Password
    SZPDC-CORE     172.20.154.13
    SZPDC-core1    192.168.220.254       aaa        123456
    AC             192.168.220.1         admin      admin
    AC             192.168.220.2         admin      admin
    ACCESS-1       192.168.220.3         admin      admin
    ACCESS-2       192.168.220.4         admin      admin

    IRF stacking

    SZPDC-CORE-1

    system-view
    irf member 1 pri 20
    interface range ten-gigabitethernet 1/0/47 to ten-gigabitethernet 1/0/48
     shutdown
     quit
    irf-port 1/2
     port group interface ten-gigabitethernet 1/0/48
     quit
    interface range Ten-gigabitethernet 1/0/47 to Ten-gigabitethernet 1/0/48
     undo shutdown
     quit
    interface bridge-aggregation 3
     quit
    interface bridge-aggregation 1
     link-aggregation mode dynamic
     port link-type trunk
     port trunk permit vlan all
     quit
    interface bridge-aggregation 2
     link-aggregation mode dynamic
     port link-type trunk
     port trunk permit vlan all
     quit
    interface ten-gigabitethernet 1/0/1
     port link-aggregation group 1
     port link-type trunk
     port trunk permit vlan all
     quit
    interface ten-gigabitethernet 1/0/2
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 2
     quit
    local-user admin
     password simple admin
     service-type telnet ssh
     authorization-attribute user-role network-admin
     undo authorization-attribute user-role network-operator
     quit
    user-interface vty 0 15
     authentication-mode scheme
     quit
    telnet server enable
    save f
    sys
    irf-port-configuration active

    SZPDC-CORE-2

    system-view
    irf member 2 pri 10
    interface range ten-gigabitethernet 2/0/47 to ten-gigabitethernet 2/0/48
     shutdown
     quit
    irf-port 2/1
     port group interface ten-gigabitethernet 2/0/48
     quit
    interface range Ten-gigabitethernet 2/0/47 to Ten-gigabitethernet 2/0/48
     undo shutdown
     quit
    interface bridge-aggregation 3
     quit
    interface bridge-aggregation 1
     link-aggregation mode dynamic
     port link-type trunk
     port trunk permit vlan all
     quit
    interface bridge-aggregation 2
     link-aggregation mode dynamic
     port link-type trunk
     port trunk permit vlan all
     quit
    interface ten-gigabitethernet 2/0/1
     port link-aggregation group 1
     port link-type trunk
     port trunk permit vlan all
     quit
    interface ten-gigabitethernet 2/0/2
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 2
     quit
    local-user admin
     password simple admin
     service-type telnet ssh
     authorization-attribute user-role network-admin
     undo authorization-attribute user-role network-operator
     quit
    user-interface vty 0 15
     authentication-mode scheme
     quit
    telnet server enable
    save f
    sys
    irf-port-configuration active

    DHCP

    SZPDC-CORE

    vlan 2003
     description xhm-bfd
    vlan 2006
     description xhm-access-1
    vlan 2008
     description xhm-access-2
    vlan 2010
     description xhm-ap-manage
    vlan 2012
     description xhm-psk-mac-test
    vlan 2016
     description xhm-portal-test
    vlan 2020
     description xhm-manage-vlan
    dhcp server ip-pool xhm-2006
     gateway-list 192.168.207.254
     network 192.168.206.0 mask 255.255.254.0
     dns-list 114.114.114.114
     expired day 2
    dhcp server ip-pool xhm-2008
     gateway-list 192.168.209.254
     network 192.168.208.0 mask 255.255.254.0
     dns-list 114.114.114.114
     expired day 2
    interface Vlan-interface 2006
     ip address 192.168.207.254 255.255.254.0
     dhcp server apply ip-pool access-1
    interface Vlan-interface 2008
     ip address 192.168.209.254 255.255.254.0
     dhcp server apply ip-pool access-2
    interface Vlan-interface 2012
     ip address 192.168.215.254 255.255.252.0
     dhcp server apply ip-pool ap-psk-mac
    interface Vlan-interface 2016
     ip address 192.168.219.254 255.255.252.0
     dhcp server apply ip-pool ap-portal
    int vlan 2020
     ip address 192.168.220.254 255.255.255.0

    ACCESS-1

    sys
    vlan 2000 to 2020
    int vlanif 2020
     ip address 192.168.220.3 24
     quit
    interface bridge-aggregation 1
     port link-type trunk
     port trunk permit vlan all
     quit
    int ethernet 1/0/1
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 1
     quit
    int ethernet 1/0/2
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 1
     quit
    local-user admin
     password cipher admin
     service-type telnet ssh
     authorization-attribute user-level 3
     quit
    user-interface vty 0 15
     authentication-mode scheme
     quit
    telnet server enable

    ACCESS-2

    sys
    vlan 2000 to 2020
    int vlanif 2020
     ip address 192.168.220.4 24
     quit
    interface bridge-aggregation 2
     port link-type trunk
     port trunk permit vlan all
     quit
    int ethernet 1/0/1
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 2
     quit
    int ethernet 1/0/2
     port link-type trunk
     port trunk permit vlan all
     port link-aggregation group 2
     quit
    local-user admin
     password cipher admin
     service-type telnet ssh
     authorization-attribute user-level 3
     quit
    user-interface vty 0 15
     authentication-mode scheme
     quit
    telnet server enable

    Port mirroring

    mirroring-group 4 local
    interface Ten-GigabitEthernet1/0/20
     port link-mode bridge
     description xhm-monitor-test
     mirroring-group 4 mirroring-port both
    interface Ten-GigabitEthernet1/0/21
     port link-mode bridge
     description xhm-monitor-test
     port access vlan 2008
     mirroring-group 4 monitor-port

    Wireless settings (AC engine)

    sys
    sysname AC
    vlan 2010
     description ap manage vlan
    vlan 2012
     description psk and mac vlan
    vlan 2016
     description portal vlan
    vlan 2020
     description manage vlan
    local-user admin
     password cipher admin
     authorization-attribute level 3
     service-type telnet
     service-type web
    telnet server enable
    port-security enable
    portal server portal ip 172.20.65.146 key cipher szpdc12345 url http://172.20.65.146:8080/portal server-type imc
    portal free-rule 0 source ip 192.168.210.254 mask 255.255.255.255 destination ip any
    portal local-server http
    radius scheme xhm-mac
     primary authentication 172.20.65.146
     primary accounting 172.20.65.146
     key authentication cipher 12345678
     key accounting cipher 12345678
     user-name-format without-domain
     nas-ip 192.168.220.1
    radius scheme xhm-portal
     primary authentication 172.20.65.146
     primary accounting 172.20.65.146
     key authentication cipher 12345678
     key accounting cipher 12345678
    domain xhm-mac
     authentication lan-access radius-scheme xhm-mac
     authorization lan-access radius-scheme xhm-mac
     accounting lan-access radius-scheme xhm-mac
     access-limit disable
     state active
     idle-cut enable 60 10240
     self-service-url disable
    domain xhm-portal
     authentication portal radius-scheme xhm-portal
     authorization portal radius-scheme xhm-portal
     accounting portal radius-scheme xhm-portal
     access-limit disable
     state active
    wlan auto-ap enable
    wlan auto-persistent enable
    password-recovery enable
    wlan service-template 21 crypto
     ssid xhm-psk
     bind WLAN-ESS 21
     cipher-suite ccmp
     security-ie rsn
     service-template enable
    wlan ap-group default_group
     ap 0cda-4100-5a60
    dhcp server ip-pool xhm-ap-manage
     gateway-list 192.168.210.254
     network 192.168.210.0 mask 255.255.255.0
     dns-list 114.114.114.114
    dhcp server ip-pool xhm-psk-mac
     gateway-list 192.168.215.254
     network 192.168.212.0 mask 255.255.254.0
     dns-list 114.114.114.114
     expired day 2
    dhcp server ip-pool xhm--portal
     gateway-list 192.168.219.254
     network 192.168.216.0 mask 255.255.254.0
     dns-list 114.114.114.114
     expired day 2
    interface Vlan-interface 2010
     ip address 192.168.210.254 255.255.255.0
    interface Vlan-interface 2012
     ip address 192.168.215.254 255.255.252.0
    interface Vlan-interface 2016
     ip address 192.168.219.254 255.255.252.0
    interface Vlan-interface 2020
     ip address 192.168.220.1 255.255.255.0
    wlan service-template 21 crypto
     ssid xhm-psk
     bind WLAN-ESS 21
     cipher-suite ccmp
     security-ie rsn
     service-template enable
    wlan service-template 22 clear
     ssid xhm-mac
     bind WLAN-ESS 22
     service-template enable
    wlan service-template 23 clear
     description xhm-portal
     ssid xhm-portal
     bind WLAN-ESS 23
     service-template enable
    interface WLAN-ESS21
     description xhm-psk
     port access vlan 2012
     port-security port-mode psk
     port-security tx-key-type 11key
     port-security preshared-key pass-phrase cipher szpdc12345
    interface WLAN-ESS22
     description xhm-mac
     port access vlan 2012
     port-security port-mode mac-authentication
     mac-authentication domain xhm-mac
    interface WLAN-ESS23
     description xhm-portal
     port access vlan 2016
    wlan ap 3891-d5a7-c2c0 model WA2620i-AGN id 1
     description xhm-uesing-ap
     serial-id 219801A0CNC15C003610
     country-code CN
     radio 1
      channel 165
      service-template 21
      radio enable
     radio 2
      max-power 1
      service-template 22
      service-template 23
      radio enable
    ip route-static 0.0.0.0 0.0.0.0 192.168.220.254
    dhcp server forbidden-ip 192.168.210.254
    dhcp server forbidden-ip 192.168.215.254
    dhcp enable
    local-user admin
     password simple admin
     service-type telnet
     level 3
    vlan 2020
     description manage vlan
    vlan 2010
     description ap manage vlan
    vlan 2012
     description psk and mac vlan
    vlan 2016
     description portal vlan
    interface Vlan-interface2020
     description ac-lsw-manage-vlan
     ip address 192.168.220.2 255.255.255.0
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk permit vlan all
    interface GigabitEthernet1/0/4
     poe enable
     port link-type trunk
     port trunk permit vlan all
     port trunk pvid vlan 2010
     description xhm-ac-core
    interface GigabitEthernet1/0/11
     stp disable
     port link-type trunk
     port trunk permit vlan all
    ip route-static 0.0.0.0 0.0.0.0 192.168.220.254

    Wireless settings (switching engine)

    vlan 2010
     description xhm-ap-manage
    vlan 2020
     description xhm-manage-vlan
    interface Vlan-interface2020
     ip address 192.168.220.2 255.255.255.0
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk permit vlan all
    interface GigabitEthernet1/0/4
     poe enable
     port link-type trunk
     port trunk permit vlan all
     port trunk pvid vlan 2010
     description xhm-ac-ap
    interface GigabitEthernet1/0/11
     stp disable
     port link-type trunk
     port trunk permit vlan all
    ip route-static 0.0.0.0 0.0.0.0 192.168.220.254 preference 60
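
An added example, not part of the original notes: a Python check over display-style Comware configuration that flags the management-plane and trunk settings recurring in the configurations on this page (Telnet, `password simple`, a password equal to the user name, `permit vlan all`, short RADIUS shared keys). The rule names and the 16-character key threshold are assumptions of this example, and the sample input is constructed from lines shown above.

```python
import re

# Constructed sample, modeled on the Comware configuration shown on this page.
SAMPLE = """\
local-user admin
 password simple admin
 service-type telnet ssh
user-interface vty 0 15
 authentication-mode scheme
telnet server enable
interface ten-gigabitethernet 1/0/1
 port link-type trunk
 port trunk permit vlan all
radius scheme xhm-mac
 key authentication cipher 12345678
"""

def audit(config):
    """Return (line_no, view, rule) for every risky line in a Comware config."""
    # Assumes display-style layout: a view-opening command starts in column 0
    # and the commands inside that view are indented.
    findings, view, user = [], "", None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line in ("#", "quit"):
            continue
        if not raw[0].isspace():            # column 0: new view or global command
            view = line
            m = re.match(r"local-user (\S+)", line)
            user = m.group(1) if m else None
        hits = []
        if line == "telnet server enable":
            hits.append("telnet-server-enabled")
        if line == "port trunk permit vlan all":
            hits.append("trunk-permits-all-vlans")
        if user and line.startswith("service-type") and "telnet" in line.split():
            hits.append("telnet-login-allowed")
        m = re.match(r"password (simple|cipher) (\S+)", line) if user else None
        if m and m.group(1) == "simple":
            hits.append("plaintext-password")
        if m and m.group(2) == user:        # compared case-insensitively
            hits.append("password-equals-username")
        m = re.match(r"key (?:authentication|accounting) (?:(?:cipher|simple) )?(\S+)", line)
        if m and view.startswith("radius scheme") and (len(m.group(1)) < 16 or m.group(1).isdigit()):
            hits.append("weak-radius-key")  # threshold of 16 is this example's assumption
        findings += [(no, view, h) for h in hits]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The check relies on indentation to track the current view, so a flattened or typed-in command sequence must first be laid out one command per line with view contents indented.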

     
