aruba配置手册

幻夕
2 ℃
2020-01-11

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

wlanssid-profiledefaultwpa-passphrase1234567890---tkip设置provision-apcopy-provisioning-paramsip-addr192.168.102.250provision-apnoipaddrprovision-apa-ant-gain2provision-apg-ant-gain2provision-apa-antenna1provision-apg-antenna1provision-apexternal-antennaprovision-apmaster192.168.102.100provision-apserver-ip192.168.102.100provision-apap-groupdefaultprovision-apap-name00:0b:86:cb:bd:62provision-apnosyslocationprovision-apfqlnprovision-apreprovisionip-addr192.168.102.250interfaceloopbackipaddress192.168.30.200apboothelpboot-runbootcmdorbootAPimageorelffileorfromflashcd-cfgregisterdisplaycw-cfgregisterwritedis-disassembleinstructionsdhcp-invokeDHCPclienttoobtainIP/bootparamseloop-loopbackreceivedethernetframesflash-FLASHsub-systemgo-startapplicationataddress'addr'help-printonlinehelpmc-memorycopymd-memorydisplaymii-MIIsub-systemmtest-simpleRAMtestnetstat-netstatisticsmw-memorywriteping-pingnethostprintenv-envdisplaypurgeenv-purgeenvregs-displayvariousregsreset-resetprocessorrun-runcommandsinanenvironmentvariablesaveenv-saveenvironmentvariablestopersistentstoragesetenv-setvariableinenv(ipaddr/netmask/gatewayip/master/serverip)setenvipaddrx.x.x.xsetenvnetmaskx.x.x.xsetenvgatewayipx.x.x.xsetenvserveripx.x.x.xsetenvmasterx.x.x.xtcpdump-dumpreceivedpacketstcpsend-sendTCPpackettftpboot-bootviatftptlb-dumpTLBtrace-dumptracebufferversion-printmonitorversionwdog-stoprefreshingwatchdogtimerapbootNospanning-tree关闭spanning-treeAdpdiscoverdisable关闭ADPAdpimgp-joindisable关闭im-j一、WEB页面认证1、wlanssid-profile(staff-ssid-profile)：定义ssid配置文件1.1essidstaff：定义ssid下的essid—显示出来的ssid2、wlanvirtual-ap(staff-vap-profile)：定义virtual-ap的配置文件2.1ssid-profile(staff-ssid-profile):在virtual-ap下引用定义过SSID2.2vlanIDaa，bb:把virtual-ap加入到要ssid所属VLAN3、aaaprofilestaff-aaa-profile：定义AAA认证配置文件4、aaaserver-group(staff-servergroup)：定义server-group配置文件4.1auth-serverinternal：定义认证服务器为本地认证4.2setroleconditionrolevalue-of设置角色setroleconditionconditionset-valuerolepositionnumber5、aaaauthenticationcaptive-portal(staff-auth-profile)：captive-portal配置5.1server-groupstaff-servergroup：在下面引用定义过的server-group6、user-rolestaff-logon：定义用户登陆前权限的配文件6.1access-listsessionlogon-controlposition1定义用户登陆前的权限--位置16.2access-listsessioncaptiveportalposition2定义用户登陆前的权限--26.3Captive-Portalstaff-auth-profileposition3定义过captive-portalRe-authenticationinterval480再次认证间隔480秒默认3600秒7、user-rolevip-role：定义用户成功登陆后的配置文件7.1session-aclallowall赋予所有允许权限session-aclhttp-acl只有http8、wlanvirtual-apstaff-vap-profile：进入定义过的virtual-ap配置文件8.1aaa-profilestaff-aaa-profile：引用定义过的AAA配置文件9、ap-groupdefault：定义ap-group，最好用默认的9.1virtual-apstaff-vap-profile：引用定义过的Virtual-ap配置文件10、aaaprofilestaff-aaa-profile：进入定义过的AAA配置文件10.1initial-rolestaff-logon：把initial-role改为定义过用户登陆前配置11、aaaauthentication-serverinternaluse-local-switch：定义认证SERVER为本地交换机12、local-userdbaddusernamestaffpassword123456rolevip-role:定义用户的登陆的用户名和密码及权限二、MAC地址认证配置1、wlanssid-profile(staff-ssid-profile)：定义ssid配置文件1.1essidstaff：定义ssid下的essid2、wlanvirtual-ap(staff-vap-profile)：定义virtual-ap的配置文件2.1ssid-profile(staff-ssid-profile):virtual-ap下引用定义过的SSID配置文件2.2vlanID:把virtual-ap加入到要ssid所属的VLAN3、aaaprofilestaff-aaa-mac-profile：定义AAA认证配置文件4、aaaauthenticationmacstaff-mac-profile:定义mac配置文件4.1Delimiterdash：定义mac地址的格式4.2Caseupper（upper/lower）：定义mac地址的大/小写备注：aaaauthenticationmacstaff-mac-profilecloneprofiledelimiter{colon|dash|none}max-authentication-failures数字aaaauthenticationmacmac-blacklistMAC黑名单max-authentication-failures5最多认证失败次数5、aaaserver-group(staff-macservergroup)：定义server-group配置文件5.1auth-serverinternal：定义认证服务器为本地认证5.2setroleconditionrolevalue-of6、user-rolestaff-logon：定义用户登陆前权限的配文件6.1access-listsessionlogon-control：定义用户登陆前的权限6.2access-listsessioncaptiveportal：定义用户登陆前的权限7、user-rolevip-role：定义用户成功登陆后的配置文件7.1session-aclallowall：赋予权限8、wlanvirtual-apstaff-vap-profile：进入定义过的virtual-ap配置文件8.1aaa-profilestaff-aaa-mac-profile：引用定义过的AAA配置文件9、ap-groupdefault：定义ap-group，最好用默认的9.1virtual-apstaff-vap-profile：引用定义过的Virtual-ap配置文件10、aaaprofilestaff-aaa-mac-profile：进入定义过的AAA配置文件10.1initial-rolestaff-logon：把initial-role改为定义过的用户登陆前的配置文件10.2authentication-macstaff-mac-profile:把定义的authenticationmac文件引用10.3mac-server-groupstaff-macservergroup:把定义的servergroup加入11、aaaauthentication-serverinternaluse-local-switch：定义认证SERVER为本地交换机12、local-userdbaddusernamemac地址passwordmac地址rolevip-role:定义用户的登陆的用户名和密码及权限注意：如果是有线直接连在端口上的话要进行认证必须把连接口设为UNTRUSTED.同时在设定：进入aaaauthenticationwired后设定：profile(staff-aaa-profile)为你设定认证的AAAprofileBlacklist：5次错误就拒绝访问showaaaauthenticationcaptive-portaldefault：Maxauthenticationfailures改为5次showaaaauthenticationdot1xdefault：Maxauthenticationfailures改为5次1、aaabandwidth-contract256kbits2562、aaabandwidth-contract256kbits256ipaccess-listsessionpassanyanyanypermitqueuelow!user-roleap512access-listpassposition1bw-contract256per-userupstreambw-contract256per-userdownstreamaaabandwidth-contract2M-BWmbits2带宽2M控制aaabandwidth-contract128_upkbits128带宽128k控制aaabandwidth-contract512kbits512aaabandwidth-contract64kbits64aaabandwidth-contract256kbits256aaabandwidth-contract1mbits1带宽1M控制aaabandw