aruba配置手册Word文件下载.docx
- 文档编号:5354616
- 上传时间:2023-05-05
- 格式:DOCX
- 页数:18
- 大小:67.89KB
aruba配置手册Word文件下载.docx
《aruba配置手册Word文件下载.docx》由会员分享,可在线阅读,更多相关《aruba配置手册Word文件下载.docx(18页珍藏版)》请在冰点文库上搜索。
dis-disassembleinstructions
dhcp-invokeDHCPclienttoobtainIP/bootparams
eloop-loopbackreceivedethernetframes
flash-FLASHsub-system
go-startapplicationataddress'
addr'
help-printonlinehelp
mc-memorycopy
md-memorydisplay
mii-MIIsub-system
mtest-simpleRAMtest
netstat-netstatistics
mw-memorywrite
ping-pingnethost
printenv-envdisplay
purgeenv-purgeenv
regs-displayvariousregs
reset-resetprocessor
run-runcommandsinanenvironmentvariable
saveenv-saveenvironmentvariablestopersistentstorage
setenv-setvariableinenv(ipaddr/netmask/gatewayip/master/serverip)
setenvipaddrx.x.x.x
setenvnetmaskx.x.x.x
setenvgatewayipx.x.x.x
setenvserveripx.x.x.x
setenvmasterx.x.x.x
tcpdump-dumpreceivedpackets
tcpsend-sendTCPpacket
tftpboot-bootviatftp
tlb-dumpTLB
trace-dumptracebuffer
version-printmonitorversion
wdog-stoprefreshingwatchdogtimer
Nospanning-tree关闭spanning-tree
Adpdiscoverdisable关闭ADP
Adpimgp-joindisable关闭im-j
一、WEB页面认证
1、wlanssid-profile(staff-ssid-profile):
定义ssid配置文件
1.1essidstaff:
定义ssid下的essid—显示出来的ssid
2、wlanvirtual-ap(staff-vap-profile):
定义virtual-ap的配置文件
2.1ssid-profile(staff-ssid-profile):
在virtual-ap下引用定义过SSID
2.2vlanIDaa,bb:
把virtual-ap加入到要ssid所属VLAN
3、aaaprofilestaff-aaa-profile:
定义AAA认证配置文件
4、aaaserver-group(staff-servergroup):
定义server-group配置文件
4.1auth-serverinternal:
定义认证服务器为本地认证
4.2setroleconditionrolevalue-of设置角色
setrolecondition<
condition>
set-value<
role>
position<
number>
5、aaaauthenticationcaptive-portal(staff-auth-profile):
captive-portal配置
5.1server-groupstaff-servergroup:
在下面引用定义过的server-group
6、user-rolestaff-logon:
定义用户登陆前权限的配文件
6.1access-listsessionlogon-controlposition1定义用户登陆前的权限--位置1
6.2access-listsessioncaptiveportalposition2定义用户登陆前的权限--2
6.3Captive-Portalstaff-auth-profileposition3定义过captive-portal
Re-authenticationinterval480再次认证间隔480秒默认3600秒
7、user-rolevip-role:
定义用户成功登陆后的配置文件
7.1session-aclallowall赋予所有允许权限
session-aclhttp-acl只有http
8、wlanvirtual-apstaff-vap-profile:
进入定义过的virtual-ap配置文件
8.1aaa-profilestaff-aaa-profile:
引用定义过的AAA配置文件
9、ap-groupdefault:
定义ap-group,最好用默认的
9.1virtual-apstaff-vap-profile:
引用定义过的Virtual-ap配置文件
10、aaaprofilestaff-aaa-profile:
进入定义过的AAA配置文件
10.1initial-rolestaff-logon:
把initial-role改为定义过用户登陆前配置
11、aaaauthentication-serverinternaluse-local-switch:
定义认证SERVER为本地交换机
12、local-userdbaddusernamestaffpassword123456rolevip-role:
定义用户的登陆的用户名和密码及权限
二、MAC地址认证配置
1、wlanssid-profile(staff-ssid-profile):
1.1essidstaff:
定义ssid下的essid
2、wlanvirtual-ap(staff-vap-profile):
2.1ssid-profile(staff-ssid-profile):
virtual-ap下引用定义过的SSID配置文件
2.2vlanID:
把virtual-ap加入到要ssid所属的VLAN
3、aaaprofilestaff-aaa-mac-profile:
4、aaaauthenticationmacstaff-mac-profile:
定义mac配置文件
4.1Delimiterdash:
定义mac地址的格式
4.2Caseupper(upper/lower):
定义mac地址的大/小写
备注:
aaaauthenticationmacstaff-mac-profile
clone<
profile>
delimiter{colon|dash|none}
max-authentication-failures数字
aaaauthenticationmacmac-blacklistMAC黑名单
max-authentication-failures5最多认证失败次数
5、aaaserver-group(staff-macservergroup):
5.1auth-serverinternal:
5.2setroleconditionrolevalue-of
6.1access-listsessionlogon-control:
定义用户登陆前的权限
6.2access-listsessioncaptiveportal:
7.1session-aclallowall:
赋予权限
8.1aaa-profilestaff-aaa-mac-profile:
10、aaaprofilestaff-aaa-mac-profile:
10.1initial-rolestaff-logon:
把initial-role改为定义过的用户登陆前的配置文件
10.2authentication-macstaff-mac-profile:
把定义的authenticationmac文件引用
10.3mac-server-groupstaff-macservergroup:
把定义的servergroup加入
12、local-userdbaddusernamemac地址passwordmac地址rolevip-role:
注意:
如果是有线直接连在端口上的话要进行认证必须把连接口设为UNTRUSTED.
同时在设定:
进入aaaauthenticationwired后设定:
profile(staff-aaa-profile)为你设定认证的AAAprofile
Blacklist:
5次错误就拒绝访问
showaaaauthenticationcaptive-portaldefault:
Maxauthenticationfailures改为5次
showaaaauthenticationdot1xdefault:
Maxauthenticationfailures改为5次
1、aaabandwidth-contract"
256"
kbits"
2、aaabandwidth-contract"
kbits256
ipaccess-listsession"
pass"
anyanyanypermitqueuelow
!
user-role"
ap512"
access-list"
position1
bw-contract"
per-userupstream
per-userdownstream
aaabandwidth-contract"
2M-BW"
mbits"
2"
带宽2M控制
aaabandwidth-contract128_upkbits128带宽128k控制
aaabandwidth-contract512kbits512
aaabandwidth-contract64kbits64
aaabandwidth-contract256kbits256
aaabandwidth-contract1mbits1带宽1M控制
aaabandwidth-contract128_upkbits128
user-role128
bw-contract128_upper-userupstream
user-roleap-role
session-aclcontrol
session-aclap-acl
user-rolepre-employee
session-aclallowall
Mastermobilitycontrollerconfiguration
1InitialsetupofAruba-master
2CoreVLANconfigurationandIPaddressing
3CoreVLANportassignment
4LoopbackIPaddress-----interfaceloopbackipaddress设置环回地址
DeployAPs
5配置APVLAN
6配置APVLANDHCPServer
7ConnectArubaAPs
8ProvisioningArubaAPs
9
(Aruba-master)
10User:
admin
11Password:
*****
12(Aruba-master)>
enable
13Password:
******
14
(Aruba-master)#configureterminal
15EnterConfigurationcommands,oneperline.EndwithCNTL/Z
16(Aruba-master)(config)#vlan4
17
18(Aruba-master)(config)#interfacevlan4
19(Aruba-master)(config-subif)#ipaddress192.168.4.254255.255.255.0
20(Aruba-master)(config-subif)#exit
21
(Aruba-master)(config-if)#writememory
22SavingConfiguration...
23
(Aruba-master)(config-range)#showvlan
VLANCONFIGURATION
------------------
VLANNamePorts
-------------
1DefaultFa2/0-23Gig2/24Gig2/25
5VLAN0004
(Aruba-master)(config)#interfacerangefastethernet2/0-23
(Aruba-master)(config-range)#switchportaccessvlan4
(Aruba-master)(config-range)#exit
(Aruba-master)(config)#interfacerangegigabitethernet2/24-25
(Aruba-master)(config-range)#switchportaccessvlan4
1Default
5VLAN0004Fa2/0-23Gig2/24Gig2/25
(Aruba-master)(config-if)#writem
SavingConfiguration...
ipdhcppool"
userpool"
定义pool的名字
default-router192.168.11.254定义默认路由网关—loopback地址
dns-server192.168.11.254---202.106.0.20定义DNS网关
lease800
network192.168.11.0255.255.255.0
servicedhcp启动dhcp
interfacegigabitethernet1/1
nomuxport
switchportmodetrunk
ipdefault-gateway192.168.0.254
interfacevlan1
noipaddress
noipigmp
noswitchportaccessvlan
192.168.0.100"
(Aruba800-4)(config)#showipinterfacebrief
InterfaceIPAddress/IPNetmaskAdminProtocol
vlan1172.16.0.254/255.255.255.0upup
vlan10192.168.0.1/255.255.255.0upup
vlan30192.168.30.200/255.255.255.0upup
loopbackunassigned/unassignedupup
(Aruba800-4)(config)#rfarm-profiledefault----------关闭ARM后调整channel---ok
(Aruba800-4)(AdaptiveRadioManagement(ARM)profile"
)#assignmentdisable
)#noscan
)#writememory
rfdot11g-radio-profile"
tx-power20------------------------发射功率调整
channel11------------------------调整AP信道
interfacevlan20
ipaddress192.168.0.1255.255.255.0
ipnatinside
存配置:
24(Aruba2400)#configuret
25(Aruba2400)(config)#copytftp:
172.16.0.100aruba2400-0904.cfgflash:
2400.bak
26(Aruba2400)(config)#copyflash:
2400.bakflash:
2400.cfg
27(Aruba2400)#copyrunning-configtftp:
192.168.4.100aruba2400-0904.cfg
Radius配置:
aaaauthentication-serverradiusRadius1
host<
ipaddr>
key<
key>
aaaserver-groupcorpnet
auth-serverRadius1
dot1x配置:
aaaauthenticationdot1xcorpnet
aaaprofilecorpnet
authentication-dot1xcorpnet
dot1x-default-roleemployee
dot1x-server-groupcorpnet
virtualAP:
wlanssid-profilecorpnet
essidCorpnet
opmodewpa2-aes
wlanvirtual-apcorpnet
vlan1
aaa-profilecorpnet
ssid-profilecorpnet
ap-groupdefault
virtual-apcorpnet
时间设定:
time-rangeworkhoursperiodic周期
weekday09:
00to17:
00
ipaccess-listsessionrestricted受限制
anyanysvc-httppermittime-rangeworkhours
anyanysvc-httpspermittime-rangeworkhours
user-roleguest
session-aclrestricted
mesh设置:
apmesh-radio-profile<
profile-name>
11a-portal-channel<
11a-portal-channel>
11g-portal-channel<
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- aruba 配置 手册