华为AirEgine9700S AC配置示例

Vlan97为管理Vlan

<AirEgine9700S>dis cu
Software Version V200R021C00SPC100
#
 sysname AirEgine9700S
#
 http timeout 60
 http secure-server ssl-policy default_policy
 http secure-server server-source -i all
 http server enable
#
  set np rss hash-mode 5-tuple
#
mdns permit service-type _airplay._tcp.local id 0
mdns permit service-type _raop._tcp.local id 1
mdns permit service-type _printer._tcp.local id 2
mdns permit service-type _ipp._tcp.local id 3
mdns permit service-type _universal._sub._ipp._tcp.local id 4
mdns permit service-type _cups._sub._ipp._tcp.local id 5
#
kpi disable
#
vlan batch 8 10 to 14 20 97 to 100 110 120 130 140 150 160
#
stp enable
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name macportal_authen_profile
authentication-profile name portal_authen_profile
#
dns resolve 
dns proxy enable
#
dhcp enable
#
diffserv domain default
vlan 150
 description WIFI_Office
vlan 160
 description WIFI_Device
#
radius-server template default
#
pki realm default
 certificate-check none
#
ssl policy default_policy type server
 pki-realm default
 version tls1.2 
 ciphersuite ecdhe_rsa_aes128_gcm_sha256 ecdhe_rsa_aes256_gcm_sha384 
#
ike proposal default
 encryption-algorithm aes-256 
 dh group14 
 authentication-algorithm sha2-256 
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256 
 prf hmac-sha2-256 
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
 authentication-scheme default
  authentication-mode local
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
  authorization-mode local
 accounting-scheme default
  accounting-mode none
 local-aaa-user password policy administrator
 domain default
  authentication-scheme default
  accounting-scheme default
  radius-server default
 domain default_admin
  authentication-scheme default
  accounting-scheme default
 local-user admin password irreversible-cipher $1a$70hU8lq&U8$^\lQClf^PH70e]Ai/T#=JH/B.o>_2@:TIc*5
 local-user admin privilege level 15
 local-user admin service-type telnet ssh http
#
interface Vlanif1
 ip address dhcp-alloc unicast
#
interface Vlanif97
 description Huawei_AP_Management
 ip address 192.168.97.1 255.255.255.0
 dhcp select interface
#
interface Vlanif99
 ip address 192.168.99.14 255.255.255.0
#
interface Ethernet0/0/47
 ip address 169.254.3.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/6
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/7
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/8
 port link-type trunk
 port trunk pvid vlan 97
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/9
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/10
 port link-type access
#               
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
 ftp server-source -i Vlanif1
#
 info-center timestamp log date precision-time millisecond
 info-center timestamp trap date precision-time millisecond
#
undo icmp name timestamp-request receive
#
 undo snmp-agent 
#
 ssh server-source -i Vlanif1
 stelnet server enable 
 undo telnet ipv6 server enable 
 telnet server-source -i all
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
ssh server secure-algorithms hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group_exchange_sha256
#
ip route-static 0.0.0.0 0.0.0.0 192.168.99.2
#
capwap source interface vlanif97
capwap dtls psk %^%#]lL\@l`~V01y4k&yGds;u
capwap dtls inter-controller psk %^%#y#it7qr4lEBfmj"64wf*-0)wAI
#
user-interface con 0
 authentication-mode password
 set authentication password irreversible-cipher $1b$yLn\E><a[($jmB=GQiO%9f'[email protected]*'D"S|U,deHK{7j:K$
 idle-timeout 120 0
user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 120 0
 protocol inbound all
user-interface vty 16 20
 authentication-mode aaa
 protocol inbound ssh
#
wmi-server
#
wmi-server2
#               
wlan
 temporary-management psk %^%#9%#HB6rgA1g8A,'LjmwC|EJ`LC'Il3MgbJ
 ap username admin password cipher %^%#He1C-To#\%zv]kVML
 traffic-profile name default
 security-profile name CEST
  security wpa-wpa2 psk pass-phrase %^%#*w)%"FGyd1+**xFybfE9gs/*"<}.I%^%# aes
 security-profile name Admin
  security wpa-wpa2 psk pass-phrase %^%#6to$7l'm9U6wp,ITj9F3_Nx!
 security-profile name Device
  security wpa-wpa2 psk pass-phrase %^%#8:1y5eC72-K-~PP5fmi;lEE/Sb-sV70nB}`:h7%^%# aes
 security-profile name Mobile
  security wpa-wpa2 psk pass-phrase %^%#+7!1S3bB`Nt[];3vn*>;}w)0{ONd.C)|jv9HQ%^%# aes
 security-profile name default
 security-profile name default-wds
 security-profile name default-mesh
 ssid-profile name CEST
  ssid CEST
 ssid-profile name Admin
  ssid Admin
 ssid-profile name Device
  ssid Device
 ssid-profile name Mobile
  ssid Mobile
 ssid-profile name default
 vap-profile name CEST
  service-vlan vlan-id 20
  ssid-profile CEST
  security-profile CEST
 vap-profile name Admin
  service-vlan vlan-id 10
  ssid-profile Admin
  security-profile Admin
 vap-profile name Device
  service-vlan vlan-id 160
  ssid-profile Device
  security-profile Device
 vap-profile name Mobile
  service-vlan vlan-id 150
  ssid-profile Mobile
  security-profile Mobile
 vap-profile name default
 wds-profile name default
 mesh-handover-profile name default
 mesh-profile name default
 regulatory-domain-profile name default
 regulatory-domain-profile name domain1
 air-scan-profile name default
 rrm-profile name default
 radio-2g-profile name default
 radio-5g-profile name default
 wids-spoof-profile name default
 wids-whitelist-profile name default
 wids-profile name default
 wireless-access-specification
 ap-system-profile name default
 port-link-profile name default
 wired-port-profile name default
 ap-group name default
 ap-group name ap-group1
  regulatory-domain-profile domain1
  radio 0
   vap-profile Device wlan 1
   vap-profile Mobile wlan 2
   vap-profile Admin wlan 3
   vap-profile CEST wlan 4
  radio 1
   vap-profile Device wlan 1
   vap-profile Mobile wlan 2
   vap-profile Admin wlan 3
   vap-profile CEST wlan 4
 ap-id 0 type-id 79 ap-mac a47c-c940-6140 ap-sn 21500831133GMB000229
  ap-name area_0
  ap-group ap-group1
 ap-id 1 type-id 79 ap-mac a47c-c940-7da0 ap-sn 21500831133GMB000023
  ap-name area_1
  ap-group ap-group1
 ap-id 2 type-id 79 ap-mac a47c-c940-8ce0 ap-sn 21500831133GMB000126
  ap-name area_2
  ap-group ap-group1
 ap-id 3 type-id 79 ap-mac a47c-c940-7d20 ap-sn 21500831133GMB000019
  ap-name area_3
  ap-group ap-group1
 ap-id 4 type-id 79 ap-mac a47c-c940-9300 ap-sn 21500831133GMB000166
  ap-name area_4
  ap-group ap-group1
 ap-id 5 type-id 79 ap-mac a47c-c940-8a40 ap-sn 21500831133GMB000147
  ap-name area_5
  ap-group ap-group1
 ap-id 6 type-id 79 ap-mac a47c-c940-8300 ap-sn 21500831133GMB000066
  ap-name area_6
  ap-group ap-group1
 ap-id 7 type-id 79 ap-mac a47c-c940-90e0 ap-sn 21500831133GMB000189
  ap-name area_7
  ap-group ap-group1
 ap-id 8 type-id 79 ap-mac a47c-c940-8a20 ap-sn 21500831133GMB000145
  ap-name area_8
  ap-group ap-group1
 ap-id 9 type-id 79 ap-mac a47c-c940-8520 ap-sn 21500831133GMB000083
  ap-name area_9
  ap-group ap-group1
 provision-ap
#
device-profile profile-name @default_device_profile
 device-type default_type_phone
 enable
 rule 0 user-agent sub-match Android 
 rule 1 user-agent sub-match iPhone 
 rule 2 user-agent sub-match iPad 
 if-match rule 0 or rule 1 or rule 2
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
 undo ntp-service enable
 ntp-service server server-source -i Vlanif1
#
return
<AirEgine9700S> 
<AirEgine9700S>
<AirEgine9700S>dis int bri
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol  InUti OutUti   inErrors  outErrors
Ethernet0/0/47              up    up           0%     0%          0          0
GigabitEthernet0/0/1        down  down         0%     0%          0          0
GigabitEthernet0/0/2        down  down         0%     0%          0          0
GigabitEthernet0/0/3        down  down         0%     0%          0          0
GigabitEthernet0/0/4        down  down         0%     0%          0          0
GigabitEthernet0/0/5        down  down         0%     0%          0          0
GigabitEthernet0/0/6        down  down         0%     0%          0          0
GigabitEthernet0/0/7        down  down         0%     0%          0          0
GigabitEthernet0/0/8        down  down         0%     0%          0          0
GigabitEthernet0/0/9        up    up        0.03%  0.01%          0          0
GigabitEthernet0/0/10       down  down         0%     0%          0          0
NULL0                       up    up(s)        0%     0%          0          0
Vlanif1                     up    down         --     --          0          0
Vlanif97                    up    up           --     --          0          0
Vlanif99                    up    up           --     --          0          0
XGigabitEthernet0/0/1       down  down         0%     0%          0          0
XGigabitEthernet0/0/2       down  down         0%     0%          0          0
<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ip rou
<GA-AirEgine9700S>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 14       Routes : 14       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0          RD   192.168.99.2    Vlanif99
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    169.254.3.0/24  Direct  0    0           D   169.254.3.1     Ethernet0/0/47
    169.254.3.1/32  Direct  0    0           D   127.0.0.1       Ethernet0/0/47
  169.254.3.255/32  Direct  0    0           D   127.0.0.1       Ethernet0/0/47
   192.168.97.0/24  Direct  0    0           D   192.168.97.1    Vlanif97
   192.168.97.1/32  Direct  0    0           D   127.0.0.1       Vlanif97
 192.168.97.255/32  Direct  0    0           D   127.0.0.1       Vlanif97
   192.168.99.0/24  Direct  0    0           D   192.168.99.198   Vlanif99
  192.168.99.14/32  Direct  0    0           D   127.0.0.1       Vlanif99
 192.168.99.255/32  Direct  0    0           D   127.0.0.1       Vlanif99
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

<GA-AirEgine9700S>
<GA-AirEgine9700S>dis ap all
Total AP information:
fault : fault           [9]
nor   : normal          [1]
ExtraInfo : Extra information
--------------------------------------------------------------------------------------------------------
ID    MAC            Name   Group     IP             Type       State  STA  Uptime     ExtraInfo
--------------------------------------------------------------------------------------------------------
0     a47c-c940-6140 area_0 ap-group1 192.168.97.239 AP4051DN-S nor    4    3H:57M:17S -
1     a47c-c940-7da0 area_1 ap-group1 -              AP4051DN-S fault  0    -          -
2     a47c-c940-8ce0 area_2 ap-group1 -              AP4051DN-S fault  0    -          -
3     a47c-c940-7d20 area_3 ap-group1 -              AP4051DN-S fault  0    -          -
4     a47c-c940-9300 area_4 ap-group1 -              AP4051DN-S fault  0    -          -
5     a47c-c940-8a40 area_5 ap-group1 -              AP4051DN-S fault  0    -          -
6     a47c-c940-8300 area_6 ap-group1 -              AP4051DN-S fault  0    -          -
7     a47c-c940-90e0 area_7 ap-group1 -              AP4051DN-S fault  0    -          -
8     a47c-c940-8a20 area_8 ap-group1 -              AP4051DN-S fault  0    -          -
9     a47c-c940-8520 area_9 ap-group1 -              AP4051DN-S fault  0    -          -
--------------------------------------------------------------------------------------------------------
Total: 10
<GA-AirEgine9700S>