《胖AP做出口上网配置(共15页).docx》由会员分享,可在线阅读,更多相关《胖AP做出口上网配置(共15页).docx(15页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、精选优质文档-倾情为你奉上AP做出口上网设备注意事项:不是所有AP都有NAT的功能,需要确认是否支持NAT组网描述:外网(拨号)AP无线终端(192.168.10.0/24)配置步骤:1. 登录设备地 址:192.168.0.50用户名:admin密 码:h3capadmin2. 新建无线网段vlan2网络vlan,新建3. 新建interface vlan 2,地址192.168.10.1设备端口管理,新建4. 创建dhcp服务器,为无线终端分配地址网络DHCP,运营商给了DNS地址就填写运营商给的DNS,没给就填写网关5. 配置上网,以拨号为例(静态ip直接修改interface vlan
2、 1地址即可)网络PPPoE6. 创建aclQoSACL IPv47. 配置NAT,以拨号为例(静态ip接口选择vlan-interface1,其他不变)8. 配置默认路由,以拨号为例(静态ip下一跳输入外网网关即可)9. 创建无线服务,其所属vlan修改为2无线服务接入服务10. 配置完成后不要忘记保存配置完成后,无线终端通过ssid 123连接并获得192.168.10.0网段地址上网命令行信息:dis cu# version 5.20, Release 1508# sysname WAP722E# domain default enable system# telnet server e
3、nable# port-security enable# password-recovery enable# undo attack-defense tcp fragment enable#acl number 2000 rule 0 permit#vlan 1#vlan 2#domain system access-limit disable state active idle-cut disable self-service-url disable#dhcp server ip-pool vlan2 network 192.168.10.0 mask 255.255.255.0 gatew
4、ay-list 192.168.10.1 dns-list 192.168.10.1 expired day 0 hour 2#user-group system group-attribute allow-guest#local-user admin password cipher $c$3$jvHusdA/+2jovz+k0/tBMlWA+oeoRoUCoxGYKJo= authorization-attribute level 3 service-type telnet service-type web#wlan rrm dot11a mandatory-rate 6 12 24 dot
5、11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan service-template 1 clear ssid H3C service-template enable#wlan service-template 2 crypto ssid 123 cipher-suite ccmp security-ie rs
6、n service-template enable#cwmp undo cwmp enable#interface Dialer10 nat outbound 2000 link-protocol ppp ppp chap user 123 ppp chap password cipher $c$3$gj+V0+H4CkHE6N7cXOi3Il67a1CL5Q= ppp pap local-user 123 password cipher $c$3$4OwWg8nN4s0B8kG11cbg30MOnycEwA= ppp ipcp dns request ip address ppp-negot
7、iate dialer user pppoeclient dialer-group 10 dialer bundle 10#interface NULL0#interface Vlan-interface1 pppoe-client dial-bundle-number 10 ip address 192.168.0.50 255.255.255.0#interface Vlan-interface2 ip address 192.168.10.1 255.255.255.0#interface GigabitEthernet1/0/1#interface GigabitEthernet1/0
8、/2#interface WLAN-BSS32 port link-type hybrid port hybrid vlan 1 untagged#interface WLAN-BSS33 port link-type hybrid port hybrid vlan 1 untagged#interface WLAN-BSS34 port link-type hybrid port hybrid vlan 1 to 2 untagged port hybrid pvid vlan 2 port-security port-mode psk port-security tx-key-type 1
9、1key port-security preshared-key pass-phrase cipher $c$3$XoS+0NX77ZaNCdol742GHh9EuwtRdxRqgxdt#interface WLAN-BSS35 port link-type hybrid port hybrid vlan 1 to 2 untagged port hybrid pvid vlan 2 port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher
10、 $c$3$XoS+0NX77ZaNCdol742GHh9EuwtRdxRqgxdt#interface WLAN-Radio1/0/1 service-template 2 interface wlan-bss 34#interface WLAN-Radio1/0/2 service-template 1 interface wlan-bss 33 service-template 2 interface wlan-bss 35# ip route-static 0.0.0.0 0.0.0.0 Dialer10# dhcp enable# dialer-rule 10 ip permit# arp-snooping enable# load xml-configuration# load tr069-configuration#user-interface con 0user-interface vty 0 4 authentication-mode scheme#return专心-专注-专业