H3C 胖AP设置(VLAN模式)——高级配置
恢复出厂
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash is being cleared.
Please wait ...
....
Configuration file is cleared.
Start to check configuration with next startup configuration file, please wait.
........DONE!
This command will reboot the device. Current configuration will be lost, save c
urrent configuration? [Y/N]:n
This command will reboot the device. Continue? [Y/N]:y
#Nov 24 03:03:52:580 2014 WA2620i-AGN DEVM/1/REBOOT:
Reboot device by command.
配置交换机名称
System View: return to User View with Ctrl+Z.
[WA2620i-AGN]sysname IT-WA2620-3
配置管理地址
interface Vlan-interface1
ip address 172.16.1.10 255.255.255.0
配置管理员账号及密码,为该用户开启telnet、con、web服务
[IT-WA2620-3]local-user admin
[IT-WA2620-3-luser-admin]password cipher 12345678
[IT-WA2620-3-luser-admin]service-type telnet terminal
[IT-WA2620-3-luser-admin]service-type web
配置con接口与telnet
[IT-WA2620-3]user-interface con 0
[IT-WA2620-3-ui-console0]authentication-mode scheme
[IT-WA2620-3-ui-console0]quit
[IT-WA2620-3]user-interface vty 0 4
[IT-WA2620-3-ui-vty0-4]authentication-mode scheme
[IT-WA2620-3-ui-vty0-4]quit
配置SSH(最好逐行复制输入,中间有对话框,不要全部复制粘贴)
ssh server enable
public-key local create rsa
1024
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
quit
local-user admin
service-type ssh
authorization-attribute level 3
quit
ssh user admin service-type stelnet authentication-type password
配置用户之间不隔离
undo wlan-client-isolation enable
添加缺省路由
ip route-static 0.0.0.0 0.0.0.0 172.16.1.1
配置SNMP
snmp-agent
snmp-agent community read public
snmp-agent sys-info version all
配置NTP
ntp-service unicast-server 210.72.145.44
ntp-service unicast-server 202.120.2.101
配置上行链路为Trunk
interface g1/0/1
port link-type trunk
port trunk permit vlan all
配置需要通过VLAN
vlan 10
Description Server-Lan
vlan 20
Description Desktop-Lan
vlan 30
Description Laptop-Lan
vlan 40
Description Guest-Lan
。
。
。
配置多VLAN无线接口
interface WLAN-BSS 11
port link-type access
port access vlan 30
interface WLAN-BSS 12
port link-type access
port access vlan 30
interface WLAN-BSS 13
port link-type access
port access vlan 40
interface WLAN-BSS 14
port link-type access
port access vlan 40
配置模板与SSID参数(通常所谓的AES加密)
wlan service-template 11 crypto
ssid YYE5G-H3C
cipher-suite tkip
security-ie rsn
wlan service-template 12 crypto
ssid YYE-H3C
cipher-suite tkip
security-ie rsn
wlan service-template 13 crypto
ssid Guest5G-H3C
cipher-suite tkip
security-ie rsn
wlan service-template 14 crypto
ssid Guest-H3C
cipher-suite tkip
security-ie rsn
interface WLAN-BSS 11
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase simple 12345678
interface WLAN-BSS 12
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase simple 12345678
interface WLAN-BSS 13
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase simple 12345678
interface WLAN-BSS 14
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase simple 12345678
配置开放SSID(举例)
wlan service-template 1 clear
ssid H3C
配置射频绑定SSID、模板、信道
[IT-WA2620-3]interface WLAN-Radio1/0/1
[IT-WA2620-3-WLAN-Radio1/0/1]service-template 11 interface wlan-bss 11
[IT-WA2620-3-WLAN-Radio1/0/1]service-template 13 interface wlan-bss 13
[IT-WA2620-3-WLAN-Radio1/0/1]interface WLAN-Radio1/0/2
[IT-WA2620-3-WLAN-Radio1/0/1]service-template 12 interface wlan-bss 12
[IT-WA2620-3-WLAN-Radio1/0/1]service-template 14 interface wlan-bss 14
[IT-WA2620-3-WLAN-Radio1/0/1]channel 6
清理默认模板H3C
[IT-WA2620-3]interface WLAN-Radio1/0/2
[IT-WA2620-3-WLAN-Radio1/0/2]undo service-template 1
[IT-WA2620-3-WLAN-Radio1/0/2]quit
[IT-WA2620-3]undo wlan service-template 1
[IT-WA2620-3]undo interface WLAN-BSS32
[IT-WA2620-3]undo interface WLAN-BSS33
启用模板(放出SSID信号)
wlan service-template 11 crypto
service-template enable
wlan service-template 12 crypto
service-template enable
wlan service-template 13 crypto
service-template enable
wlan service-template 14 crypto
service-template enable