
Сравнение версий


...

Блок кода
vlan database
 vlan 10
exit
!
hostname MES01MES09
!
interface gigabitethernet1/0/1
 switchport mode general
 switchport general allowed vlan add 10 untagged
 switchport general pvid 10
 switchport forbidden default-vlan
exit
!
interface gigabitethernet1/0/2
 switchport mode general
 switchport general allowed vlan add 10 untagged
 switchport general pvid 10
 switchport forbidden default-vlan
exit
!
interface gigabitethernet1/0/3
 switchport mode general
 switchport general allowed vlan add 10 untagged      
 switchport general pvid 10
 switchport forbidden default-vlan
exit
!
interface gigabitethernet1/0/4
 switchport mode general
 switchport general allowed vlan add 10 untagged
exit
!
interface vlan 10
 ip address 10.10.2.211219 255.255.255.0
exit
!
!
end

...

Без форматирования
ip dhcp relay address 10.10.2.254
ip dhcp relay enable
vlan database
  vlan 20012009, 20112019, 20212029
exit

interface gigabitethernet1/0/1
 switchport general allowed vlan add 20112019 tagged
exit

interface gigabitethernet1/0/2
 ip dhcp relay enable
 switchport mode general
 switchport general allowed vlan add 20212029 tagged
 switchport general allowed vlan add 20012009 untagged
 switchport general pvid 20012009
 switchport forbidden default-vlan                    
exit

interface vlan 20012009
 ip address 192.168.101109.1 /24
 ip dhcp relay enable
exit
interface vlan 20112019
 ip address 172.16.101109.5 /28
 ip dhcp relay enable
exit
interface vlan 20212029
 ip address 100.64.101109.1 /24
 ip dhcp relay enable
exit
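Review bot: The VLAN that this block appears to renumber from 2011 to 2019 (`vlan database`, the tagged membership on gigabitethernet1/0/1, `interface vlan …`) is not renumbered in the full ESR configuration further down the page, which still has `vlan 10,2011`, `vlan 2011` under bridge 2 ("GRE_termination") and `switchport trunk allowed vlan add 2011`. If the ESR trunk port connects to this switch port, which the page does not show, the tags would no longer match and the 172.16.x.x/28 segment used as the SoftGRE local address would be unreachable. The three ESR lines should read `vlan 10,2019`, `vlan 2019` and `switchport trunk allowed vlan add 2019`. The same ESR block also keeps `hostname ESR01`, although the shorter ESR listing was renamed.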

...

Блок кода
titleКонфигурация
hostname ESR01ESR09

vlan 10
exit

bridge 1
  description "UpLink"
  vlan 10
  ip firewall disable
  ip address 10.10.2.151159/24
  enable
exit

interface gigabitethernet 1/0/1
  mode switchport
  switchport forbidden default-vlan
  switchport mode trunk
  switchport trunk native-vlan 10
exit
security passwords history 0
ip telnet server
ip ssh server
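Review bot: `ip telnet server` is enabled next to `ip ssh server` at the end of this listing, and again at the end of the full ESR configuration below, so management logins can cross the uplink in clear text. The uplink bridge also carries `ip firewall disable`, so as far as this listing shows nothing limits which hosts can reach either service. For a published example I would drop the `ip telnet server` line in both places and keep only `ip ssh server`. The text around the listing should also say that the firewall is disabled for the lab stand only, and explain why `security passwords history 0` is set.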

...

Без форматирования
hostname ESR01

object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group service ssh
  port-range 22
exit
object-group service telnet
  port-range 23
exit
object-group service ntp
  port-range 123
exit

object-group network MGMT
  ip prefix 10.10.2.0/24
  ip prefix 172.31.101109.0/24
  ip prefix 172.16.101109.0/28
exit
object-group network nat_users
  ip prefix 100.64.19.0/24
exit

radius-server timeout 10
radius-server host 10.10.2.254
  key ascii-text testing123
  timeout 11
  source-address 10.10.2.151159
  auth-port 31812
  acct-port 31813
  retransmit 2
  dead-interval 10
exit
aaa radius-profile PCRF
  radius-server host 10.10.2.254
exit
das-server COA
  key ascii-text testing123
  port 3799
  clients object-group MGMT
exit
aaa das-profile COA
  das-server COA
exit

vlan 10,2011
exit

no spanning-tree

domain lookup enable
domain name-server 77.88.8.8

security zone trusted
exit
security zone untrusted
exit
security zone user
exit
security zone gre
exit


bridge 1
  description "UpLink"
  vlan 10
  security-zone untrusted
  ip firewall disable
  ip address 10.10.2.151159/24
  enable
exit
bridge 2
  description "GRE_termination"
  vlan 2011
  security-zone gre
  ip firewall disable
  ip address 172.16.101109.1/28
  ip address 172.16.101109.2/28
  enable
exit
bridge 3
  description "AP_MANAGMENT"
  security-zone trusted
  ip firewall disable
  ip address 172.31.101109.1/24
  ip helper-address 10.10.2.254
  ip tcp adjust-mss 1418
  protected-ports local
  enable
exit
bridge 10
  description "AP_SSID1_USERS"
  security-zone user
  ip firewall disable
  ip address 100.64.19.1/24
  ip helper-address 10.10.2.254
  ip tcp adjust-mss 1418
  location data10
  protected-ports local
  enable
exit

interface gigabitethernet 1/0/1
  mode switchport
  switchport forbidden default-vlan
  switchport mode trunk
  switchport trunk native-vlan 10
  switchport trunk allowed vlan add 2011
exit
tunnel softgre 1
  description "managment"
  mode management
  local address 172.16.101109.1
  default-profile
  enable
exit
tunnel softgre 1.1
  bridge-group 3
  enable
exit
tunnel softgre 2
  description "data"
  mode data
  local address 172.16.101109.2
  default-profile
  enable
exit

snmp-server
snmp-server system-shutdown
snmp-server community "public" ro 
snmp-server community "private" rw 

snmp-server host 10.10.2.254
exit

snmp-server enable traps config
snmp-server enable traps config commit
snmp-server enable traps config confirm
snmp-server enable traps environment
snmp-server enable traps environment fan
snmp-server enable traps environment fan-speed-changed
snmp-server enable traps environment fan-speed-high
snmp-server enable traps environment memory-flash-critical-low
snmp-server enable traps environment memory-flash-low
snmp-server enable traps environment memory-ram-critical-low
snmp-server enable traps environment memory-ram-low
snmp-server enable traps environment cpu-load
snmp-server enable traps environment cpu-critical-temp
snmp-server enable traps environment cpu-overheat-temp
snmp-server enable traps environment cpu-supercooling-temp
snmp-server enable traps environment board-overheat-temp
snmp-server enable traps environment board-supercooling-temp
snmp-server enable traps file-operations
snmp-server enable traps file-operations successful
snmp-server enable traps file-operations failed
snmp-server enable traps file-operations canceled
snmp-server enable traps interfaces
snmp-server enable traps interfaces rx-utilization-high
snmp-server enable traps interfaces tx-utilization-high
snmp-server enable traps interfaces number-high
snmp-server enable traps screen
snmp-server enable traps screen dest-limit
snmp-server enable traps screen source-limit
snmp-server enable traps screen icmp-threshold
snmp-server enable traps screen udp-threshold
snmp-server enable traps screen syn-flood
snmp-server enable traps screen land
snmp-server enable traps screen winnuke
snmp-server enable traps screen icmp-frag
snmp-server enable traps screen udp-frag
snmp-server enable traps screen icmp-large
snmp-server enable traps screen syn-frag
snmp-server enable traps screen unknown-proto
snmp-server enable traps screen ip-frag
snmp-server enable traps screen port-scan
snmp-server enable traps screen ip-sweep
snmp-server enable traps screen syn-fin
snmp-server enable traps screen fin-no-ack
snmp-server enable traps screen no-flag
snmp-server enable traps screen spoofing
snmp-server enable traps screen reserved
snmp-server enable traps screen quench
snmp-server enable traps screen echo-request
snmp-server enable traps screen time-exceeded
snmp-server enable traps screen unreachable
snmp-server enable traps screen tcp-all-flags
snmp-server enable traps entity
snmp-server enable traps entity config-change
snmp-server enable traps entity-sensor
snmp-server enable traps entity-sensor threshold
snmp-server enable traps envmon
snmp-server enable traps envmon fan
snmp-server enable traps envmon shutdown
snmp-server enable traps envmon temperature
snmp-server enable traps flash
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps snmp
snmp-server enable traps snmp authentication
snmp-server enable traps snmp coldstart
snmp-server enable traps snmp linkdown
snmp-server enable traps snmp linkup
snmp-server enable traps syslog

security zone-pair gre self
  rule 1
    action permit
    match protocol gre
    enable
  exit
  rule 2
    action permit
    match protocol icmp
    enable
  exit
exit
security zone-pair trusted self
  rule 1
    action permit
    match source-address MGMT
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    match source-address MGMT
    enable
  exit
exit
security zone-pair trusted user
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted gre
  rule 1
    action permit
    enable
  exit
exit
security zone-pair user self
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
exit
security zone-pair user trusted
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
exit
security zone-pair user untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair untrusted self
  rule 1
    action permit
    match source-address MGMT
    enable
  exit
exit

security passwords history 0

nat source
  ruleset nat_ALL
    to interface bridge 1
    rule 1
      match source-address nat_users
      match not destination-address MGMT
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-relay

ip route 0.0.0.0/0 10.10.2.1
ip route 192.168.101109.0/24 172.16.101109.5

wireless-controller
  nas-ip-address 10.10.2.151159
  data-tunnel configuration radius
  aaa das-profile COA
  aaa radius-profile PCRF
  enable
exit
ip telnet server
ip ssh server

ntp enable
ntp server 10.10.2.254
exit
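Review bot: The example ships well-known secrets: `snmp-server community "public" ro`, `snmp-server community "private" rw`, and `key ascii-text testing123` for both the RADIUS host and `das-server COA`. Listings like this are often pasted unchanged, and here the writable community sits next to `snmp-server system-shutdown` and `ip firewall disable` on every bridge. As far as I can tell, that leaves the `security zone-pair … self` rules that restrict access to MGMT unenforced. I would replace the values with labelled placeholders, e.g. `key ascii-text <RADIUS_SECRET>` and `snmp-server community "<RO_COMMUNITY>" ro`, and drop the `rw` community unless the management system needs it. The page should also state that the firewall is disabled only for the lab stand.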

...

Без форматирования
#------------------------Stend 1------------------------------------------------
#Подсеть первичных адресов ТД в vlan 20012009
subnet 192.168.101109.0 netmask 255.255.255.0 {
	pool {
		option routers 192.168.101109.1;
		range 192.168.101109.10 192.168.101109.254;
		option vendor-encapsulated-options 0B:0C:31:37:32:2E:31:36:2E:31:30:3139:2E:31:0C:0C:31:37:32:2E:31:36:2E:31:30:3139:2E:32;
		allow members of "ELTEX-DEVICES";
 }
}

#Подсеть управления ТД в ESR-1ESR09
subnet 172.31.101109.0 netmask 255.255.255.0 {
	pool {
		option routers 172.31.101109.1;
		range 172.31.101109.10 172.31.101109.254;
		option vendor-encapsulated-options 0A:0B:31:30:2E:31:30:2E:32:2E:32:35:34;
		allow members of "ELTEX-DEVICES";
		option domain-name-servers 172.31.101109.1;
	}
}

#Подсеть пользователей ТД SSID1 ESR-1 (in GRE)
subnet 100.64.19.0 netmask 255.255.255.0 {
	pool {
		option routers 100.64.19.1;
		range 100.64.19.10 100.64.19.254;
		option domain-name-servers 100.64.19.1;
	}
}

#Подсеть пользователей ТД SSID2 (local switching)
subnet 100.64.101109.0 netmask 255.255.255.0 {
	pool {
		option routers 100.64.101109.1;
		range 100.64.101109.10 100.64.101109.254;
		option domain-name-servers 100.64.101109.1;
	}
}

Конфигурация обратных маршрутов для сервера SoftWLC:

Без форматирования
#ip route stend 1
ip route add 192.168.101109.0/24 via 10.10.2.211219
ip route add 172.31.101109.0/24 via 10.10.2.151159
ip route add 100.64.19.0/24 via 10.10.2.151159
ip route add 100.64.101109.0/24 via 10.10.2.151159


Добавление ESR в дерево EMS

...