Configuring ACL-Based Packet Filtering on Huawei Wireless Devices (Huawei switch ACL commands for port filtering)

User submission, 2022-09-15



1. Configure the LSW and the AC so that CAPWAP packets can be exchanged between the AP and the AC

[LSW1]vlan batch 100

[LSW1-GigabitEthernet0/0/1]port link-type trunk

[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

[LSW1-GigabitEthernet0/0/2]port link-type trunk

[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100

[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100

[AC1]vlan batch 100 101

[AC1-GigabitEthernet0/0/1]port link-type trunk

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

2. Configure the AC to communicate with the upstream network device

[AC1-GigabitEthernet0/0/2]port link-type trunk

[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan 101

3. Configure the AC as a DHCP server that assigns IP addresses to STAs and APs

[AC1]dhcp enable

[AC1-Vlanif100]ip add 10.1.100.1 24

[AC1-Vlanif100]dhcp select interface

[AC1-Vlanif100]int Vlanif 101

[AC1-Vlanif101]ip add 10.1.101.1 24

[AC1-Vlanif101]dhcp select interface

4. Bring the AP online

[AC1-wlan-view]ap-group name ap-group1  //Create an AP group

[AC1-wlan-view]regulatory-domain-profile name domain1  //Create a regulatory domain profile, set the AC's country code in it, and reference the profile in the AP group

[AC1-wlan-regulate-domain-domain1]country-code cn

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1

[AC1]capwap source interface Vlanif 100  //Configure the AC's source interface

[AC1]wlan

[AC1-wlan-view]ap auth-mode mac-auth  //Import the AP offline on the AC and add it to the AP group

[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc60-4940

[AC1-wlan-ap-0]ap-name ap1

[AC1-wlan-ap-0]ap-group ap-group1

5. Configure WLAN service parameters

[AC1-wlan-view]security-profile name wlan-security  //Create a security profile and configure the security policy

[AC1-wlan-sec-prof-wlan-security]security wpa2 psk pass-phrase abc@1234 aes

[AC1-wlan-view]ssid-profile name wlan-ssid  //Create an SSID profile and configure the SSID name

[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net

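[AC1-wlan-view]vap-profile name wlan-vap  //Create a VAP profile, configure the service data forwarding mode and the service VLAN, and reference the security profile and the SSID profile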

[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel

[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 101

[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security

[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid

[AC1-wlan-view]ap-group name ap-group1  //Reference the VAP profile in the AP group; radio 0 and radio 1 on the AP both use the VAP profile's configuration

[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio all

6. Configure the channel and power of the AP radios

[AC1-wlan-view]rrm-profile name default  //Disable automatic channel and power calibration for the radios

[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable

[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable

[AC1-wlan-view]ap-id 0  //Configure the channel and power of AP radio 0

[AC1-wlan-ap-0]radio 0

[AC1-wlan-radio-0/0]channel 20mhz 6

[AC1-wlan-radio-0/0]eirp 127

[AC1-wlan-ap-0]radio 1  //Configure the channel and power of AP radio 1

[AC1-wlan-radio-0/1]channel 20mhz 149

[AC1-wlan-radio-0/1]eirp 127

7. Configure WMM and airtime scheduling

[AC1-wlan-view]radio-2g-profile name wlan-radio2g  //Create a 2G radio profile and configure WMM so that video services get priority use of network bandwidth

[AC1-wlan-radio-2g-prof-wlan-radio2g]wmm edca-ap ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94

[AC1-wlan-radio-2g-prof-wlan-radio2g]wmm edca-ap ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47

[AC1-wlan-view]ap-group name ap-group1  //Reference the 2G radio profile in the AP group

[AC1-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio all

[AC1-wlan-view]ssid-profile name wlan-ssid  //Enter the SSID profile and configure WMM so that video services get priority use of network bandwidth

[AC1-wlan-ssid-prof-wlan-ssid]wmm edca-client ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94

[AC1-wlan-ssid-prof-wlan-ssid]wmm edca-client ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47

[AC1-wlan-view]rrm-profile name rrm  //Create an RRM profile and enable airtime scheduling

[AC1-wlan-rrm-prof-rrm]airtime-fair-schedule enable

[AC1-wlan-view]radio-2g-profile name wlan-radio2g  //Reference the RRM profile in the 2G radio profile

[AC1-wlan-radio-2g-prof-wlan-radio2g]rrm-profile rrm

8. Configure ACL-based packet filtering

[AC1]acl 3001  //Configure an advanced ACL that meets the requirement

[AC1-acl-adv-3001]rule deny ip source 10.1.100.10 0 destination 10.1.100.11 0

[AC1-wlan-view]traffic-profile name traffic

[AC1-wlan-traffic-prof-traffic]traffic-filter inbound ipv4 acl 3001
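To check which packets the rule in step 8 actually hits before the filter goes live, the sketch below models address/wildcard matching for `rule ... ip` lines offline. It is an added example, not part of the original post or of Huawei's tooling; the function names are hypothetical, only the `source <addr> <wildcard>` / `destination <addr> <wildcard>` form is handled, and packets that match no rule return `None` rather than assuming the device's default action.

```python
import ipaddress
import re

# Rule text copied from step 8 of the page.
ACL_3001 = ["rule deny ip source 10.1.100.10 0 destination 10.1.100.11 0"]

RULE_RE = re.compile(
    r"rule\s+(?:\d+\s+)?(permit|deny)\s+ip"
    r"(?:\s+source\s+(\S+)\s+(\S+))?"
    r"(?:\s+destination\s+(\S+)\s+(\S+))?\s*$"
)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _wildcard(text):
    # "0" is shorthand for 0.0.0.0: every bit must match (a single host).
    return 0 if text == "0" else _ip(text)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    action, src, swc, dst, dwc = m.groups()
    any_match = (0, 0xFFFFFFFF)  # an omitted field matches any address
    return {
        "action": action,
        "src": (_ip(src), _wildcard(swc)) if src else any_match,
        "dst": (_ip(dst), _wildcard(dwc)) if dst else any_match,
    }

def _hit(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = compare
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """Return the action of the first matching rule, or None if none match."""
    for rule in map(parse_rule, rules):
        if _hit(src, *rule["src"]) and _hit(dst, *rule["dst"]):
            return rule["action"]
    return None  # the device's handling of unmatched packets applies
```

The rule is one-directional and host-specific: `evaluate(ACL_3001, "10.1.100.11", "10.1.100.10")` returns `None`, and so does any pair in 10.1.101.0/24, the pool served on service VLAN 101, so confirm the rule's addresses against the addresses the STAs actually receive.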

9. Configure priority mappings

[AC1-wlan-view]traffic-profile name traffic  //Create a traffic profile and configure priority mappings

[AC1-wlan-traffic-prof-traffic]priority-map downstream trust dscp

[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 48 to 55 dot11e 4

[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 56 to 63 dot11e 5

[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 32 to 39 dot11e 6

[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 40 to 47 dot11e 7

[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream trust dot11e

[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 6 dscp 32

[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 7 dscp 40

[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 4 dscp 48

[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 5 dscp 56

[AC1-wlan-traffic-prof-traffic]rate-limit client up 2048  //Configure traffic policing parameters

[AC1-wlan-traffic-prof-traffic]rate-limit vap up 30720

[AC1-wlan-view]vap-profile name wlan-vap  //Bind the traffic profile to the VAP profile

[AC1-wlan-vap-prof-wlan-vap]traffic-profile traffic

