Сравнение версий

Старая версия 2

changes.mady.by.user Сервисный центр Wi-Fi

Сохранено

по сравнению с

Новая версия 3

changes.mady.by.user Сервисный центр Wi-Fi

Сохранено

Ключ

  • Эта строка добавлена.
  • Эта строка удалена.
  • Изменено форматирование.

...

Полная конфигурация WLC-1

Раскрыть


Блок кода
languagevb
#!/usr/bin/clish


#270


#1.30.x


#2024-11-22


#05:32:21


hostname WLC-1


object-group service airtune


  port-range 8099


exit


object-group service dhcp_client


  port-range 68


exit


object-group service dhcp_server


  port-range 67


exit


object-group service dns


  port-range 53


exit


object-group service netconf


  port-range 830


exit


object-group service ntp


  port-range 123


exit


object-group service radius_auth


  port-range 1812


exit


object-group service sa


  port-range 8043-8044


exit


object-group service ssh


  port-range 22


exit


object-group service sync


  port-range 873


exit


object-group service softgre_controller


  port-range 1337


exit


syslog max-files 3


syslog file-size 512


syslog file tmpsys:syslog/default


  severity info


exit


radius-server local


  nas ap


    key ascii-text encrypted 8CB5107EA7005AFF


    network 192.168.1.0/24

exit
nas local
key 

  exit
  nas local
    key ascii-text encrypted 8CB5107EA7005AFF


    network 127.0.0.1/32

exit
domain default
user test
password 

  exit
  domain default
    user test
      password ascii-text encrypted CDE65039E5591FA3

exit
exit

    exit
  exit
  virtual-server default

enable
exit
enable
exit

    enable
  exit
  enable
exit
radius-server host 127.0.0.1


  key ascii-text encrypted 8CB5107EA7005AFF


exit


aaa radius-profile default_radius


  radius-server host 127.0.0.1


exit


boot host auto-config


boot host auto-update


vlan 3


  force-up


exit


vlan 2449


  force-up


exit


vlan 2


exit


no spanning-tree


domain lookup enable


security zone trusted


exit


security zone untrusted


exit


security zone users


exit


bridge 1


  vlan 2449


  security-zone trusted


  ip address 192.168.1.2/24


  vrrp id 1


  vrrp ip 192.168.1.1/32


  vrrp priority 120


  vrrp group 1


  vrrp preempt disable


  vrrp timers garp refresh 60

vrrp
no 

  vrrp
  no spanning-tree


  enable


exit


bridge 2


  vlan 2


  security-zone untrusted


  ip address dhcp


  no spanning-tree


  enable


exit


bridge 3


  vlan 3


  mtu 1458


  security-zone users


  ip address 192.168.2.2/24


  vrrp id 3


  vrrp ip 192.168.2.1/32


  vrrp priority 120


  vrrp group 1


  vrrp preempt disable


  vrrp timers garp refresh 60

vrrp
no 

  vrrp
  no spanning-tree


  enable


exit


interface gigabitethernet 1/0/1


  mode switchport


  switchport access vlan 2


exit


interface gigabitethernet 1/0/2


  mode switchport


  switchport mode trunk


  switchport trunk allowed vlan add 3,2449


exit


interface gigabitethernet 1/0/3


  mode switchport


exit


interface gigabitethernet 1/0/4


  mode switchport


exit


interface tengigabitethernet 1/0/1


  mode switchport


  switchport access vlan 2


exit


interface tengigabitethernet 1/0/2


  mode switchport


exit


tunnel softgre 1


  mode data


  local address 192.168.1.1


  default-profile


  enable


exit


ip failover


  local-address 192.168.1.2


  remote-address 192.168.1.3


  vrrp-group 1


exit


security zone-pair trusted self


  rule 10


    action permit


    match protocol tcp


    match destination-port object-group ssh

enable
exit
rule 11
action permit
match protocol vrrp
enable
exit
rule 12
action permit
match protocol tcp
match destination-port object-group softgre_controller
enable
exit
rule 13
action permit
match protocol tcp
match destination-port object-group sync
enable
exit
rule 20
action permit
match protocol icmp
enable
exit
rule 30
action permit
match protocol udp
match source-port object-group dhcp_client
match destination-port object-group dhcp_server
enable
exit
rule 40
action permit
match protocol udp
match destination-port object-group ntp
enable
exit
rule 50
action permit
match protocol tcp
match destination-port object-group dns
enable
exit
rule 60
action permit
match protocol udp
match destination-port object-group dns
enable
exit
rule 70
action permit
match protocol tcp
match destination-port object-group netconf
enable
exit
rule 80
action permit
match protocol tcp
match destination-port object-group sa
enable
exit
rule 90
action permit
match protocol udp
match destination-port object-group radius_auth
enable
exit
rule 100
action permit
match protocol gre
enable
exit
rule 110
action permit
match protocol tcp
match destination-port object-group airtune
enable
exit
exit
security zone-pair trusted trusted
rule 1
action permit
enable
exit
exit
security zone-pair trusted untrusted
rule 1
action permit
enable
exit
exit
security zone-pair untrusted self
rule 1
action permit
match protocol udp
match source-port object-group dhcp_server
match destination-port object-group dhcp_client
enable
exit
exit
security zone-pair users self
rule 10
action permit
match protocol icmp
enable
exit
rule 11
action permit
match protocol vrrp
enable
exit
rule 20
action permit
match protocol udp
match source-port object-group dhcp_client
match destination-port object-group dhcp_server
enable
exit
rule 30
action permit
match protocol tcp
match destination-port object-group dns
enable
exit
rule 40
action permit
match protocol udp
match destination-port object-group dns
enable
exit
exit
security zone-pair users untrusted
rule 1
action permit
enable
exit
exit

security passwords default-expired

nat source
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
action source-nat interface
enable
exit
exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
network 

    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 12
    action permit
    match protocol tcp
    match destination-port object-group softgre_controller
    enable
  exit
  rule 13
    action permit
    match protocol tcp
    match destination-port object-group sync
    enable
  exit
  rule 20
    action permit
    match protocol icmp
    enable
  exit
  rule 30
    action permit
    match protocol udp
    match source-port object-group dhcp_client
    match destination-port object-group dhcp_server
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port object-group ntp
    enable
  exit
  rule 50
    action permit
    match protocol tcp
    match destination-port object-group dns
    enable
  exit
  rule 60
    action permit
    match protocol udp
    match destination-port object-group dns
    enable
  exit
  rule 70
    action permit
    match protocol tcp
    match destination-port object-group netconf
    enable
  exit
  rule 80
    action permit
    match protocol tcp
    match destination-port object-group sa
    enable
  exit
  rule 90
    action permit
    match protocol udp
    match destination-port object-group radius_auth
    enable
  exit
  rule 100
    action permit
    match protocol gre
    enable
  exit
  rule 110
    action permit
    match protocol tcp
    match destination-port object-group airtune
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair untrusted self
  rule 1
    action permit
    match protocol udp
    match source-port object-group dhcp_server
    match destination-port object-group dhcp_client
    enable
  exit
exit
security zone-pair users self
  rule 10
    action permit
    match protocol icmp
    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 20
    action permit
    match protocol udp
    match source-port object-group dhcp_client
    match destination-port object-group dhcp_server
    enable
  exit
  rule 30
    action permit
    match protocol tcp
    match destination-port object-group dns
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port object-group dns
    enable
  exit
exit
security zone-pair users untrusted
  rule 1
    action permit
    enable
  exit
exit

security passwords default-expired

nat source
  ruleset factory
    to zone untrusted
    rule 10
      description "replace 'source ip' by outgoing interface ip address"
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
  network 192.168.1.0/24


  address-range 192.168.1.4-192.168.1.254


  default-router 192.168.1.1


  dns-server 192.168.1.1


  option 42 ip-address 192.168.1.1


  vendor-specific


    suboption 12 ascii-text "192.168.1.1"


    suboption 15 ascii-text "https://192.168.1.1:8043"


  exit


exit


ip dhcp-server pool users-pool


  network 192.168.2.0/24


  address-range 192.168.2.4-192.168.2.254


  default-router 192.168.2.1


  dns-server 192.168.2.1


exit


ip dhcp-server failover


  mode active-standby


  enable


exit


softgre-controller


  nas-ip-address 127.0.0.1

failover

  failover
  data-tunnel configuration wlc


  aaa radius-profile default_radius


  keepalive-disable


  service-vlan add 3


  enable


exit
wlc


wlc
  outside-address 192.168.1.1


  service-activator


    aps join auto

exit
airtune
enable
exit
failover

  exit
  airtune
    enable
  exit
  failover
  ap-location default-location


    description "default-location"


    mode tunnel


    ap-profile default-ap


    ssid-profile default-ssid

exit

  exit
  ssid-profile default-ssid


    description "default-ssid"


    ssid "default-ssid"


    radius-profile default-radius


    vlan-id 3


    security-mode WPA2_1X


    802.11kv


    band 2g


    band 5g

enable
exit

    enable
  exit
  ap-profile default-ap


    password ascii-text encrypted 8CB5107EA7005AFF

exit

  exit
  radius-profile default-radius


    auth-address 192.168.1.1


    auth-password ascii-text encrypted 8CB5107EA7005AFF


    domain default

exit

  exit
  ip-pool default-ip-pool


    description "default-ip-pool"


    ap-location default-location

exit
enable
exit

ip ssh server

ntp enable
ntp server 

  exit
  enable
exit

ip ssh server

ntp enable
ntp server 100.110.0.65


exit


crypto-sync


  remote-delete


  enable


exit


Пример настройки WLC-2

Подключаемся к WLC и переходим в режим конфигурирования:

...