...
Настройка ESR
Без форматирования |
---|
# Initial ESR setup: copy the default config into the candidate config,
# then configure the uplink (VLAN 2 / bridge 2) and remote management access.
copy system:default-config system:candidate-config
hostname ESR-200-004
vlan 2
exit
# Bridge 2 is the L3 interface for VLAN 2 and holds the uplink address 10.10.2.4/24.
# NOTE(review): "ip firewall disable" is set on this uplink interface, so it is
# presumably not filtered by the zone firewall; confirm that is intended.
bridge 2
description "UpLink"
vlan 2
ip firewall disable
ip address 10.10.2.4/24
enable
exit
# Physical uplink port: trunk mode with VLAN 2 as the native VLAN; the default
# VLAN is forbidden on this port.
interface gigabitethernet 1/0/1
mode switchport
switchport forbidden default-vlan
switchport mode trunk
switchport trunk native-vlan 2
exit
# NOTE(review): history 0 presumably switches off the password-reuse check;
# confirm against the ESR CLI reference before copying this to production.
security passwords history 0
# NOTE(review): Telnet carries credentials and session data in cleartext. SSH is
# enabled on the next line, so the Telnet server can normally be left off.
ip telnet server
ip ssh server |
Без форматирования |
---|
#!/usr/bin/clish
#18
# ESR configuration listing for the wireless-controller setup: object groups,
# RADIUS/CoA towards 10.10.2.149, SNMP traps, interfaces and zones, SoftGRE
# tunnels, zone-pair firewall rules, source NAT, routing and management services.

# Object groups referenced further down by the DAS server, firewall rules and NAT.
# NOTE(review): nat_users is written as 100.64.1.1/24 (a host address with a /24
# mask); presumably the 100.64.1.0/24 subnet of bridge 10 is meant. Confirm.
object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group network MGMT
  ip prefix 172.31.101.0/24
  ip prefix 172.16.101.0/28
exit
object-group network nat_users
  ip prefix 100.64.1.1/24
exit

# RADIUS server 10.10.2.149 on non-default ports 31812/31813, sourced from 10.10.2.4.
# NOTE(review): the shared secret is stored in cleartext and is "testing123", the
# well-known FreeRADIUS sample secret. Use a unique random secret per deployment
# and keep the real value out of shared documentation.
radius-server timeout 10
radius-server host 10.10.2.149
  key ascii-text testing123
  timeout 11
  source-address 10.10.2.4
  auth-port 31812
  acct-port 31813
  retransmit 2
  dead-interval 10
exit
aaa radius-profile PCRF
  radius-server host 10.10.2.149
exit
# Dynamic authorization (CoA) server on port 3799; clients are limited to the
# MGMT object-group.
# NOTE(review): the key is tagged "encrypted" but the value equals the cleartext
# RADIUS key above. Verify what the device actually stores, and replace it with
# a unique secret.
das-server COA
  key ascii-text encrypted testing123
  port 3799
  clients object-group MGMT
exit
aaa das-profile COA
  das-server COA
exit

no spanning-tree

domain lookup enable
domain name-server 10.10.2.149

# Security zones used by the interfaces and zone-pair rules below.
security zone trusted
exit
security zone untrusted
exit
security zone gre
exit
security zone user
exit

# NOTE(review): community strings "public" (ro) and "private" (rw) are the
# well-known defaults, and a read-write community permits changes over SNMP.
# Replace both with unique values (or SNMPv3 users) and restrict which hosts may
# query the agent. "snmp-server system-shutdown" presumably allows a shutdown or
# reboot to be triggered via SNMP; confirm and drop it if unused.
snmp-server
snmp-server system-shutdown
snmp-server community "public" ro
snmp-server community "private" rw
snmp-server host 10.10.2.149
exit
# Trap subscriptions. Judging by their names, the "screen" traps (flood, scan,
# spoofing detections) and "snmp authentication" are the security-relevant ones
# to monitor on the trap receiver.
snmp-server enable traps
snmp-server enable traps config
snmp-server enable traps config commit
snmp-server enable traps config confirm
snmp-server enable traps environment
snmp-server enable traps environment pwrin
snmp-server enable traps environment pwrin-insert
snmp-server enable traps environment fan
snmp-server enable traps environment fan-speed-changed
snmp-server enable traps environment fan-speed-high
snmp-server enable traps environment memory-flash-critical-low
snmp-server enable traps environment memory-flash-low
snmp-server enable traps environment memory-ram-critical-low
snmp-server enable traps environment memory-ram-low
snmp-server enable traps environment cpu-load
snmp-server enable traps environment cpu-critical-temp
snmp-server enable traps environment cpu-overheat-temp
snmp-server enable traps environment cpu-supercooling-temp
snmp-server enable traps environment board-overheat-temp
snmp-server enable traps environment board-supercooling-temp
snmp-server enable traps environment sfp-overheat-temp
snmp-server enable traps environment sfp-supercooling-temp
snmp-server enable traps environment switch-overheat-temp
snmp-server enable traps environment switch-supercooling-temp
snmp-server enable traps ports
snmp-server enable traps ports port-counters-errors
snmp-server enable traps wifi
snmp-server enable traps wifi wifi-tunnels-number-in-bridge-high
snmp-server enable traps file-operations
snmp-server enable traps file-operations successful
snmp-server enable traps file-operations failed
snmp-server enable traps file-operations canceled
snmp-server enable traps interfaces
snmp-server enable traps interfaces rx-utilization-high
snmp-server enable traps interfaces tx-utilization-high
snmp-server enable traps interfaces number-high
snmp-server enable traps bras
snmp-server enable traps bras sessions-number-high
snmp-server enable traps screen
snmp-server enable traps screen dest-limit
snmp-server enable traps screen source-limit
snmp-server enable traps screen icmp-threshold
snmp-server enable traps screen udp-threshold
snmp-server enable traps screen syn-flood
snmp-server enable traps screen land
snmp-server enable traps screen winnuke
snmp-server enable traps screen icmp-frag
snmp-server enable traps screen udp-frag
snmp-server enable traps screen icmp-large
snmp-server enable traps screen syn-frag
snmp-server enable traps screen unknown-proto
snmp-server enable traps screen ip-frag
snmp-server enable traps screen port-scan
snmp-server enable traps screen ip-sweep
snmp-server enable traps screen syn-fin
snmp-server enable traps screen fin-no-ack
snmp-server enable traps screen no-flag
snmp-server enable traps screen spoofing
snmp-server enable traps screen reserved
snmp-server enable traps screen quench
snmp-server enable traps screen echo-request
snmp-server enable traps screen time-exceeded
snmp-server enable traps screen unreachable
snmp-server enable traps screen tcp-all-flags
snmp-server enable traps entity
snmp-server enable traps entity config-change
snmp-server enable traps entity-sensor
snmp-server enable traps entity-sensor threshold
snmp-server enable traps envmon
snmp-server enable traps envmon fan
snmp-server enable traps envmon shutdown
snmp-server enable traps envmon supply
snmp-server enable traps envmon temperature
snmp-server enable traps flash
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps snmp
snmp-server enable traps snmp authentication
snmp-server enable traps snmp coldstart
snmp-server enable traps snmp linkdown
snmp-server enable traps snmp linkup
snmp-server enable traps syslog

# L3 interfaces and their zones: bridge 3 (AP management, zone trusted),
# bridge 10 (SSID users, zone user), gi1/0/1.2011 (GRE termination, zone gre),
# gi1/0/1 (uplink, zone trusted).
# NOTE(review): every interface here carries "ip firewall disable"; confirm
# whether the zone-pair rules further down are enforced at all with that setting.
# No interface in this listing is placed in zone "untrusted".
bridge 3
  description "AP_MANAGMENT"
  security-zone trusted
  ip firewall disable
  ip address 172.31.101.1/24
  ip helper-address 10.10.2.149
  ip tcp adjust-mss 1418
  protected-ports local
  enable
exit
bridge 10
  description "AP_SSID1_USERS"
  security-zone user
  ip firewall disable
  ip address 100.64.1.1/24
  ip helper-address 10.10.2.149
  ip tcp adjust-mss 1418
  location data10
  protected-ports local
  enable
exit
interface gigabitethernet 1/0/1.2011
  description "GRE_AP"
  security-zone gre
  ip firewall disable
  ip address 172.16.101.1/28
  ip address 172.16.101.2/28
exit
interface gigabitethernet 1/0/1
  description "UpLink"
  security-zone trusted
  ip firewall disable
  ip address 10.10.2.4/24
  ip tcp adjust-mss 1418
exit

# SoftGRE tunnels on the two gi1/0/1.2011 addresses: tunnel 1 in management mode
# (sub-tunnel 1.1 joined to bridge 3), tunnel 2 in data mode.
tunnel softgre 1
  description "managment"
  mode management
  local address 172.16.101.1
  default-profile
  enable
exit
tunnel softgre 1.1
  bridge-group 3
  enable
exit
tunnel softgre 2
  description "data"
  mode data
  local address 172.16.101.2
  default-profile
  enable
exit

# Zone-pair rules. Traffic to the router itself ("self") is limited to GRE and
# ICMP from zone gre, MGMT sources from zone trusted, and DHCP from zone user.
# MGMT covers the AP management and GRE subnets, so any host in those subnets
# matches the trusted->self rule.
security zone-pair gre self
  rule 1
    action permit
    match protocol gre
    enable
  exit
  rule 2
    action permit
    match protocol icmp
    enable
  exit
exit
security zone-pair trusted self
  rule 1
    action permit
    match source-address MGMT
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    match source-address MGMT
    enable
  exit
exit
# NOTE(review): trusted->user and trusted->gre (next two pairs) and
# user->untrusted (last pair) each consist of one rule with no match criteria,
# i.e. permit everything. Narrow them if the deployment does not need
# unrestricted traffic between those zones.
security zone-pair trusted user
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted gre
  rule 1
    action permit
    enable
  exit
exit
security zone-pair user self
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
exit
security zone-pair user trusted
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
exit
security zone-pair user untrusted
  rule 1
    action permit
    enable
  exit
exit

# Source NAT towards gi1/0/1: traffic from nat_users is translated to the
# interface address unless the destination is in MGMT.
nat source
  ruleset nat_ALL
    to interface gigabitethernet 1/0/1
    rule 1
      match source-address nat_users
      match not destination-address MGMT
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-relay

# NOTE(review): next hop 172.16.0.1 of the default route is not inside any subnet
# configured in this listing; confirm it is reachable.
ip route 0.0.0.0/0 172.16.0.1
ip route 192.168.101.0/24 172.16.101.4

# Wireless controller: data tunnels are configured via RADIUS, using the COA DAS
# profile and the PCRF RADIUS profile defined above; NAS IP is the uplink address.
wireless-controller
  nas-ip-address 10.10.2.4
  data-tunnel configuration radius
  aaa das-profile COA
  aaa radius-profile PCRF
  enable
exit

# NOTE(review): Telnet carries credentials and session data in cleartext. SSH is
# enabled on the next line, so the Telnet server can normally be left off.
ip telnet server
ip ssh server

# NTP client pointed at 10.10.2.149.
ntp enable
ntp server 10.10.2.149
exit |
...