WLANWEB认证BAS配置.docx
WLANWEB认证BAS配置
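WLAN用户通过Web方式认证,以下是BAS(ME60)上的配置:
(原文中必须配置的部分以红色标出。与Web认证直接相关的是radius-server group、ACL 6000/6001及其流策略、aaa下的wlan与wlan.sn两个域、地址池wlan,以及GigabitEthernet2/0/12.2下的bas配置。文中的口令密文、RADIUS共享密钥和BGP邻居密码均取自原设备,套用时应换成本局自己的值。)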
#
sysnameSNYUL-MC-CMNET-BAS03-XSEC-ME60
#
superpasswordlevel3cipherREN<.6A.1^SQ=^Q`MAF4<1!
!
superpasswordlevel15cipherJS,[51EA,'%B,.\#C3YB91!
!
#
routerid218.200.1.148
#
user-groupwlan
user-groupsxyd
#
diffservdomaindefault
#
radius-server group snmcc
 radius-server authentication 211.137.133.3 1812 weight 0
 radius-server authentication 211.137.133.4 1812 weight 10
 radius-server accounting 211.137.133.3 1813 weight 0
 radius-server accounting 211.137.133.4 1813 weight 10
 radius-server shared-key 135--139
 radius-server class-as-car
 radius-server source interface LoopBack0
 radius-server attribute translate
 undo radius-server user-name domain-included
#
bfd
#
mplslsr-id218.200.1.148
mpls
#
mplsldp
#
aclnumber2000
descriptionNAT-IN
rule5permit
#
aclnumber2100
rule5permitsource10.37.0.00.0.7.255
rule10permitsource10.37.8.00.0.7.255
rule15deny
#
aclnumber3000
rule5denyudpdestination-porteq593
rule10denyudpdestination-porteq1434
rule15denyudpdestination-porteq136
rule20denyudpdestination-porteq135
rule25denyudpdestination-porteq5554
rule30denyudpdestination-porteqnetbios-ns
rule35denyudpdestination-porteqnetbios-ssn
rule40denyudpdestination-porteq445
rule45denytcpdestination-porteq4444
rule50denytcpdestination-porteq135
rule55denytcpdestination-porteq9996
rule60denytcpdestination-porteq137
rule65denytcpdestination-porteq139
rule70denytcpdestination-porteq9995
rule75denytcpdestination-porteq138
rule80denytcpdestination-porteq5554
rule85denytcpdestination-porteq445
rule90denytcpdestination-porteq5800
rule95denytcpdestination-porteq5900
rule100denytcpdestination-porteq593
rule105denytcpdestination-porteq1720
rule110denytcpdestination-porteq136
rule500permitip
#
acl number 6000 match-order auto
 rule 5 permit ip source ip-address 211.137.133.5 0 destination user-group wlan
 rule 10 permit ip source ip-address 211.137.130.3 0 destination user-group wlan
 rule 15 permit ip source ip-address 211.137.130.19 0 destination user-group wlan
 rule 30 permit ip source user-group wlan destination ip-address 211.137.130.3 0
 rule 35 permit ip source user-group wlan destination ip-address 211.137.130.19 0
 rule 40 permit ip source user-group wlan destination ip-address 211.137.133.5 0
 rule 55 permit ip source user-group sxyd destination ip-address 211.137.130.3 0
 rule 60 permit ip source user-group sxyd destination ip-address 211.137.130.19 0
#
acl number 6001 match-order auto
 rule 5 permit ip source user-group wlan destination ip-address any
 rule 10 permit ip source user-group sxyd destination ip-address any
#
traffic classifier virus operator or
 if-match acl 3000
traffic classifier ylwlan-deny operator or
 if-match acl 6001
traffic classifier ylwlan-permit operator or
 if-match acl 6000
#
traffic behavior anti
traffic behavior permit
traffic behavior deny
 deny
#
traffic policy ylwlan_traffic
 classifier ylwlan-permit behavior permit
 classifier ylwlan-deny behavior deny
 classifier virus behavior anti
traffic-policy ylwlan_traffic inbound
#
qos-profiledefault
#
session-group-profiledefault
#
isis100
graceful-restart
is-levellevel-2
cost-stylewide
timerlsp-generation15050level-2
network-entity39.752f.0100.0014.0000.1000.0010.2182.0000.1148.00
is-nameSNYUL-MC-CMNET-BAS03-XSEC-ME60
import-routedirect
import-routestatic
timerspf15050
log-peer-change
set-overloadon-startupwait-for-bgp
#
interfaceAux0/0/1
#
interfaceVirtual-Template0
#
interfaceVirtual-Template1
#
interfaceNULL0
#
interfaceLoopBack0
descriptionForManagement
ipaddress218.200.1.148255.255.255.255
isisenable100
isiscircuit-levellevel-2
#
firewallzonezone1
priority100
#
firewallzonezone2
priority60
#
l2tp-groupdefault-lac
tunnelnameQuidway
#
l2tp-groupdefault-lns
tunnelnameQuidway
#
bgp64650
router-id218.200.1.148
groupRR-L2internal
peerRR-L2descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]/[SNYUL-MB-CMNET-RT02-7750SR7]
peerRR-L2connect-interfaceLoopBack0
peerRR-L2passwordcipher)M+08YOA3=;Q=^Q`MAF4<1!
!
peer218.200.1.13as-number64650
peer218.200.1.13groupRR-L2
peer218.200.1.13descriptionSNYL-PC-CMNET-RT01-NE40E
peer218.200.1.153as-number64650
peer218.200.1.153groupRR-L2
peer218.200.1.153descriptionSNYUL-MB-CMNET-RT02-7750SR7
#
ipv4-familyunicast
undosynchronization
network120.192.235.192255.255.255.224****(发布NAT地址池)****
maximumload-balancing6
peerRR-L2enable
peer218.200.1.13enable
peer218.200.1.13groupRR-L2
peer218.200.1.153enable
peer218.200.1.153groupRR-L2
#
ipv4-familyvpnv4
policyvpn-target
peerRR-L2enable
peer218.200.1.13enable
peer218.200.1.13groupRR-L2
peer218.200.1.153enable
peer218.200.1.153groupRR-L2
#
ip pool wlan local
 gateway 10.37.0.1 255.255.248.0
 section 0 10.37.0.2 10.37.7.255
 dns-server 211.137.130.3
 dns-server 211.137.130.19 secondary
#
iptn
#
dpipts
#
dpiglobal-policy
#
dpidsu-mac
#
dpirestricted-policy
#
ancp
neighbor-profiledefault-neighbor
#
dot1x-template1
#
aaa
 authentication-scheme none
  authentication-mode none
 authentication-scheme wlan
  authentication-mode none
 authentication-scheme radius
 authentication-scheme local
  authentication-mode local
 authentication-scheme snmcc
 accounting-scheme none
  accounting-mode none
 accounting-scheme wlan
  accounting-mode none
 accounting-scheme radius
 accounting-scheme snmcc
 domain default0
 domain default1
 domain default_admin
  authentication-scheme local
 domain onu-and-switch-guanli
  authentication-scheme none
  accounting-scheme none
 domain wlan.sn
  authentication-scheme snmcc
  accounting-scheme snmcc
  service-type hsi
  radius-server group snmcc
  ip-pool wlan
  zone zone1
 domain wlan
  authentication-scheme wlan
  accounting-scheme wlan
  service-type hsi
  web-server 211.137.133.5
  web-server redirect-key user-ip-address wlanuserip
  user-group wlan
  ip-pool wlan
  zone zone1
#
#
local-aaa-server
userhuaweipasswordcipher$'F;-;"KQOE)Q!
!
authentication-typeTlevel0
userhuawei01passwordcipher/*T%H"KU`\;Q=^Q`MAF4<1!
!
authentication-typeTlevel15
#
interfaceEth-Trunk1
descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]-ETH-Trunk5=4G
ipaddress120.192.235.46255.255.255.252
isisenable100
isiscircuit-levellevel-2
isiscost100level-2
mpls
mplsldp
zonezone2
#
interfaceEth-Trunk2
descriptionTO-[SNYUL-MB-CMNET-RT02-7750SR7]-ETH-Trunk5=4G
ipaddress120.192.235.50255.255.255.252
isisenable100
isiscircuit-levellevel-2
isiscost200level-2
mpls
mplsldp
zonezone2
#
interfaceGigabitEthernet0/0/0
shutdown
speedauto
duplexauto
#
interfaceGigabitEthernet1/0/0
descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]-GE6/1/8=1G
undoshutdown
eth-trunk1
#
interfaceGigabitEthernet1/0/1
descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]-GE6/1/9=1G
undoshutdown
eth-trunk1
#
interfaceGigabitEthernet1/0/2
descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]-GE6/1/10=1G
undoshutdown
eth-trunk1
#
interfaceGigabitEthernet1/0/3
descriptionTO-[SNYL-PC-CMNET-RT01-NE40E]-GE6/1/11=1G
undoshutdown
eth-trunk1
#
interfaceGigabitEthernet1/0/4
undoshutdown
#
interfaceGigabitEthernet1/0/5
shutdown
#
interfaceGigabitEthernet1/0/6
shutdown
#
interfaceGigabitEthernet1/0/7
shutdown
#
interfaceGigabitEthernet1/0/8
shutdown
#
interfaceGigabitEthernet1/0/9
shutdown
#
interfaceGigabitEthernet1/0/10
shutdown
#
interfaceGigabitEthernet1/0/11
shutdown
#
interfaceGigabitEthernet1/0/12
shutdown
#
interfaceGigabitEthernet1/0/13
shutdown
#
interfaceGigabitEthernet1/0/14
shutdown
#
interfaceGigabitEthernet1/0/15
shutdown
#
interfaceGigabitEthernet1/0/16
shutdown
#
interfaceGigabitEthernet1/0/17
shutdown
#
interfaceGigabitEthernet1/0/18
shutdown
#
interfaceGigabitEthernet1/0/19
shutdown
#
interfaceGigabitEthernet1/0/20
shutdown
#
interfaceGigabitEthernet1/0/21
shutdown
#
interfaceGigabitEthernet1/0/22
shutdown
#
interfaceGigabitEthernet1/0/23
shutdown
#
interfaceGigabitEthernet2/0/0
descriptionTO-[SNYUL-MB-CMNET-RT02-7750SR7]-GE3/1/0=1G
undoshutdown
eth-trunk2
#
interfaceGigabitEthernet2/0/1
descriptionTO-[SNYUL-MB-CMNET-RT02-7750SR7]-GE3/1/1=1G
undoshutdown
eth-trunk2
#
interfaceGigabitEthernet2/0/2
descriptionTO-[SNYUL-MB-CMNET-RT02-7750SR7]-GE3/1/2=1G
undoshutdown
eth-trunk2
#
interfaceGigabitEthernet2/0/3
descriptionTO-[SNYUL-MB-CMNET-RT02-7750SR7]-GE3/1/3=1G
undoshutdown
eth-trunk2
#
interfaceGigabitEthernet2/0/4
shutdown
#
interfaceGigabitEthernet2/0/5
shutdown
#
interfaceGigabitEthernet2/0/6
shutdown
#
interfaceGigabitEthernet2/0/7
shutdown
#
interfaceGigabitEthernet2/0/8
shutdown
#
interfaceGigabitEthernet2/0/9
shutdown
#
interfaceGigabitEthernet2/0/10
shutdown
#
interfaceGigabitEthernet2/0/11
shutdown
#
interfaceGigabitEthernet2/0/12
descriptionWLAN-AC
undoshutdown
#
interfaceGigabitEthernet2/0/12.2
descriptionWlan
user-vlan201207
 bas
  access-type layer2-subscriber default-domain pre-authentication wlan authentication wlan.sn
  nas-port-type 802.11
  authentication-method web
#
interfaceGigabitEthernet2/0/13
shutdown
#
interfaceGigabitEthernet2/0/14
shutdown
#
interfaceGigabitEthernet2/0/15
shutdown
#
interfaceGigabitEthernet2/0/16
shutdown
#
interfaceGigabitEthernet2/0/17
shutdown
#
interfaceGigabitEthernet2/0/18
shutdown
#
interfaceGigabitEthernet2/0/19
shutdown