华为AirEgine9700S AC配置示例
Vlan97为管理Vlan
<AirEgine9700S>dis cu
Software Version V200R021C00SPC100
#sysname AirEgine9700S
#http timeout 60http secure-server ssl-policy default_policyhttp secure-server server-source -i allhttp server enable
#set np rss hash-mode 5-tuple
#
mdns permit service-type _airplay._tcp.local id 0
mdns permit service-type _raop._tcp.local id 1
mdns permit service-type _printer._tcp.local id 2
mdns permit service-type _ipp._tcp.local id 3
mdns permit service-type _universal._sub._ipp._tcp.local id 4
mdns permit service-type _cups._sub._ipp._tcp.local id 5
#
kpi disable
#
vlan batch 8 10 to 14 20 97 to 100 110 120 130 140 150 160
#
stp enable
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name macportal_authen_profile
authentication-profile name portal_authen_profile
#
dns resolve
dns proxy enable
#
dhcp enable
#
diffserv domain default
vlan 150description WIFI_Office
vlan 160description WIFI_Device
#
radius-server template default
#
pki realm defaultcertificate-check none
#
ssl policy default_policy type serverpki-realm defaultversion tls1.2 ciphersuite ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384
#
ike proposal defaultencryption-algorithm aes-256 dh group14 authentication-algorithm sha2-256 authentication-method pre-shareintegrity-algorithm hmac-sha2-256 prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaaauthentication-scheme defaultauthentication-mode localauthentication-scheme radiusauthentication-mode radiusauthorization-scheme defaultauthorization-mode localaccounting-scheme defaultaccounting-mode nonelocal-aaa-user password policy administratordomain defaultauthentication-scheme defaultaccounting-scheme defaultradius-server defaultdomain default_adminauthentication-scheme defaultaccounting-scheme defaultlocal-user admin password irreversible-cipher $1a$70hU8lq&U8$^\lQClf^PH70e]Ai/T#=JH/B.o>_2@:TIc*5local-user admin privilege level 15local-user admin service-type telnet ssh http
#
interface Vlanif1ip address dhcp-alloc unicast
#
interface Vlanif97description Huawei_AP_Managementip address 192.168.97.1 255.255.255.0dhcp select interface
#
interface Vlanif99ip address 192.168.99.14 255.255.255.0
#
interface Ethernet0/0/47ip address 169.254.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8port link-type trunkport trunk pvid vlan 97port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9port link-type trunkport trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10port link-type access
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#ftp server-source -i Vlanif1
#info-center timestamp log date precision-time millisecondinfo-center timestamp trap date precision-time millisecond
#
undo icmp name timestamp-request receive
#undo snmp-agent
#ssh server-source -i Vlanif1stelnet server enable undo telnet ipv6 server enable telnet server-source -i all
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
#
ip route-static 0.0.0.0 0.0.0.0 192.168.99.2
#
capwap source interface vlanif97
capwap dtls psk %^%#]lL\@l`~V01y4k&yGds;u
capwap dtls inter-controller psk %^%#y#it7qr4lEBfmj"64wf*-0)wAI
#
user-interface con 0authentication-mode passwordset authentication password irreversible-cipher $1b$yLn\E><a[($jmB=GQiO%9f'$@LX9bi.qIv*'D"S|U,deHK{7j:K$idle-timeout 120 0
user-interface vty 0 4authentication-mode aaaidle-timeout 120 0protocol inbound all
user-interface vty 16 20authentication-mode aaaprotocol inbound ssh
#
wmi-server
#
wmi-server2
#
wlantemporary-management psk %^%#9%#HB6rgA1g8A,'LjmwC|EJ`LC'Il3MgbJap username admin password cipher %^%#He1C-To#\%zv]kVML<e9gqfB#)=G#Pfg(traffic-profile name defaultsecurity-profile name CESTsecurity wpa-wpa2 psk pass-phrase %^%#*w)%"FGyd1+**xFybfE9gs/*"<}.I%^%# aessecurity-profile name Adminsecurity wpa-wpa2 psk pass-phrase %^%#6to$7l'm9U6wp,ITj9F3_Nx!<km,h+"ZiA$%^%# aessecurity-profile name Devicesecurity wpa-wpa2 psk pass-phrase %^%#8:1y5eC72-K-~PP5fmi;lEE/Sb-sV70nB}`:h7%^%# aessecurity-profile name Mobilesecurity wpa-wpa2 psk pass-phrase %^%#+7!1S3bB`Nt[];3vn*>;}w)0{ONd.C)|jv9HQ%^%# aessecurity-profile name defaultsecurity-profile name default-wdssecurity-profile name default-meshssid-profile name CESTssid CESTssid-profile name Adminssid Adminssid-profile name Devicessid Devicessid-profile name Mobilessid Mobilessid-profile name defaultvap-profile name CESTservice-vlan vlan-id 20ssid-profile CESTsecurity-profile CESTvap-profile name Adminservice-vlan vlan-id 10ssid-profile Adminsecurity-profile Adminvap-profile name Deviceservice-vlan vlan-id 160ssid-profile Devicesecurity-profile Devicevap-profile name Mobileservice-vlan vlan-id 150ssid-profile Mobilesecurity-profile Mobilevap-profile name defaultwds-profile name defaultmesh-handover-profile name defaultmesh-profile name defaultregulatory-domain-profile name defaultregulatory-domain-profile name domain1air-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-whitelist-profile name defaultwids-profile name defaultwireless-access-specificationap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultap-group name defaultap-group name ap-group1regulatory-domain-profile domain1radio 0vap-profile Device wlan 1vap-profile Mobile wlan 2vap-profile Admin wlan 3vap-profile CEST wlan 4radio 1vap-profile Device wlan 1vap-profile Mobile wlan 2vap-profile Admin wlan 3vap-profile CEST wlan 4ap-id 0 type-id 79 ap-mac a47c-c940-6140 ap-sn 21500831133GMB000229ap-name area_0ap-group ap-group1ap-id 1 type-id 79 ap-mac a47c-c940-7da0 ap-sn 21500831133GMB000023ap-name area_1ap-group ap-group1ap-id 2 type-id 79 ap-mac a47c-c940-8ce0 ap-sn 21500831133GMB000126ap-name area_2ap-group ap-group1ap-id 3 type-id 79 ap-mac a47c-c940-7d20 ap-sn 21500831133GMB000019ap-name area_3ap-group ap-group1ap-id 4 type-id 79 ap-mac a47c-c940-9300 ap-sn 21500831133GMB000166ap-name area_4ap-group ap-group1ap-id 5 type-id 79 ap-mac a47c-c940-8a40 ap-sn 21500831133GMB000147ap-name area_5ap-group ap-group1ap-id 6 type-id 79 ap-mac a47c-c940-8300 ap-sn 21500831133GMB000066ap-name area_6ap-group ap-group1ap-id 7 type-id 79 ap-mac a47c-c940-90e0 ap-sn 21500831133GMB000189ap-name area_7ap-group ap-group1ap-id 8 type-id 79 ap-mac a47c-c940-8a20 ap-sn 21500831133GMB000145ap-name area_8ap-group ap-group1ap-id 9 type-id 79 ap-mac a47c-c940-8520 ap-sn 21500831133GMB000083ap-name area_9ap-group ap-group1provision-ap
#
device-profile profile-name @default_device_profiledevice-type default_type_phoneenablerule 0 user-agent sub-match Android rule 1 user-agent sub-match iPhone rule 2 user-agent sub-match iPad if-match rule 0 or rule 1 or rule 2
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#undo ntp-service enablentp-service server server-source -i Vlanif1
#
return
<AirEgine9700S>
<AirEgine9700S>
<AirEgine9700S>dis int bri
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
Ethernet0/0/47 up up 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
GigabitEthernet0/0/3 down down 0% 0% 0 0
GigabitEthernet0/0/4 down down 0% 0% 0 0
GigabitEthernet0/0/5 down down 0% 0% 0 0
GigabitEthernet0/0/6 down down 0% 0% 0 0
GigabitEthernet0/0/7 down down 0% 0% 0 0
GigabitEthernet0/0/8 down down 0% 0% 0 0
GigabitEthernet0/0/9 up up 0.03% 0.01% 0 0
GigabitEthernet0/0/10 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
Vlanif1 up down -- -- 0 0
Vlanif97 up up -- -- 0 0
Vlanif99 up up -- -- 0 0
XGigabitEthernet0/0/1 down down 0% 0% 0 0
XGigabitEthernet0/0/2 down down 0% 0% 0 0
<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ip rou
<GA-AirEgine9700S>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: PublicDestinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 192.168.99.2 Vlanif99127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0169.254.3.0/24 Direct 0 0 D 169.254.3.1 Ethernet0/0/47169.254.3.1/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/47169.254.3.255/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/47192.168.97.0/24 Direct 0 0 D 192.168.97.1 Vlanif97192.168.97.1/32 Direct 0 0 D 127.0.0.1 Vlanif97192.168.97.255/32 Direct 0 0 D 127.0.0.1 Vlanif97192.168.99.0/24 Direct 0 0 D 192.168.99.198 Vlanif99192.168.99.14/32 Direct 0 0 D 127.0.0.1 Vlanif99192.168.99.255/32 Direct 0 0 D 127.0.0.1 Vlanif99
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ap all
Total AP information:
fault : fault [9]
nor : normal [1]
ExtraInfo : Extra information
--------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
--------------------------------------------------------------------------------------------------------
0 a47c-c940-6140 area_0 ap-group1 192.168.97.239 AP4051DN-S nor 4 3H:57M:17S -
1 a47c-c940-7da0 area_1 ap-group1 - AP4051DN-S fault 0 - -
2 a47c-c940-8ce0 area_2 ap-group1 - AP4051DN-S fault 0 - -
3 a47c-c940-7d20 area_3 ap-group1 - AP4051DN-S fault 0 - -
4 a47c-c940-9300 area_4 ap-group1 - AP4051DN-S fault 0 - -
5 a47c-c940-8a40 area_5 ap-group1 - AP4051DN-S fault 0 - -
6 a47c-c940-8300 area_6 ap-group1 - AP4051DN-S fault 0 - -
7 a47c-c940-90e0 area_7 ap-group1 - AP4051DN-S fault 0 - -
8 a47c-c940-8a20 area_8 ap-group1 - AP4051DN-S fault 0 - -
9 a47c-c940-8520 area_9 ap-group1 - AP4051DN-S fault 0 - -
--------------------------------------------------------------------------------------------------------
Total: 10
<GA-AirEgine9700S>