aruba無線調試(一、基礎篇)

(Aruba800) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba800) (config) #interface loopback
(Aruba800) (config-loop)#ip address 1.1.1.1 
Switch IP Address is Modified. Switch should be rebooted now
(Aruba800) (config-loop)#exit
(Aruba800) (config) #no spanning-tree
(Aruba800) (config) #telnet soe  //開啓ap的soe功能(可以通過控制器telnet到ap上);telnet爲明文傳輸,只建議在隔離的調試環境中開啓,調試完成後應關閉
(Aruba800) (config) #vlan 10 //創建ap vlan
(Aruba800) (config) #vlan 100 //創建用戶 vlan
(Aruba800) (config) #interface vlan 10
(Aruba800) (config-subif)#ip address 10.0.0.1 255.255.255.0
(Aruba800) (config-subif)#no shutdown
(Aruba800) (config-subif)#interface vlan 100
(Aruba800) (config-subif)#ip address 192.168.100.1 255.255.255.0
(Aruba800) (config-subif)#no shutdown
(Aruba800) (config-subif)#exit
(Aruba800) (config) #ip dhcp pool ap-pool  //ap地址池
(Aruba800) (config-dhcp)#network 10.0.0.0 255.255.255.0
(Aruba800) (config-dhcp)#default-router 10.0.0.1
(Aruba800) (config-dhcp)#exit
(Aruba800) (config) #ip dhcp pool user-pool //用戶地址池
(Aruba800) (config-dhcp)#network 192.168.100.0 255.255.255.0
(Aruba800) (config-dhcp)#dns-server 192.168.100.1
(Aruba800) (config-dhcp)#default-router 192.168.100.1
(Aruba800) (config-dhcp)#exit
(Aruba800) (config) #ip dhcp excluded-address 10.0.0.1 10.0.0.10
(Aruba800) (config) #ip dhcp excluded-address 192.168.100.1 192.168.100.10
(Aruba800) (config) #exit
(Aruba800) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba800) (config) #interface range fastethernet 1/0-7
(Aruba800) (config-range) # switchport access vlan 10
(Aruba800) (config-range) #interface gigabitethernet 1/8
(Aruba800) (config-if)#switchport access vlan 10
(Aruba800) (config-if)#exit
(Aruba800) (config) #wlan ssid-profile lee //創建ssid
(Aruba800) (SSID Profile "lee") #essid lee
(Aruba800) (SSID Profile "lee") #wepkey1 1111111111  //示例密鑰,僅供實驗,實際環境不要使用這類簡單密鑰
(Aruba800) (SSID Profile "lee") #opmode static-wep  //加密方式:靜態WEP早已不安全,只適合實驗演示;生產環境應改用WPA2(AES)
(Aruba800) (SSID Profile "lee") #exit
(Aruba800) (config) #wlan virtual-ap lee //創建 virtual-ap
(Aruba800) (Virtual AP profile "lee") #vlan 100
(Aruba800) (Virtual AP profile "lee") #ssid-profile lee //把ssid附加到virtual-ap 上
(Aruba800) (Virtual AP profile "lee") #exit
(Aruba800) (config) #ap-group lee //創建 ap組
(Aruba800) (AP group "lee") #virtual-ap lee //把virtual-ap附加到ap組上
(Aruba800) (AP group "lee") #exit
(Aruba800) (config) #show ap active
Active AP Table
---------------
Name  Group  IP Address  11g Clients  11g Ch/Pwr  11a Clients  11a Ch/Pwr  AP Type  Flags  Uptime
----  -----  ----------  -----------  ----------  -----------  ----------  -------  -----  ------
Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
       L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On
       X = Maintenance Mode; d = Drop Mcast/Bcast On
Num APs:0
(Aruba800) (config) #show ip dhcp binding
Dhcp not ready for show, please configure and try in 5 seconds
(Aruba800) (config) #service dhcp
(Aruba800) (config) #service dhcp
(Aruba800) (config) #show ip dhcp binding
No bindings found
(Aruba800) (config) #show ip dhcp binding
lease 10.0.0.254 {
  starts Fri Aug 01 12:45:48 2008;
  ends Sat Aug 02 00:45:48 2008;
  binding state active;
  next binding state free;
  hardware ethernet 00:0b:86:c0:d0:3c;
  uid "\001\000\013\206\300\320<";
}//可以看到ap已經分到地址了

(Aruba800) (config) #show ap active
Active AP Table
---------------
Name               Group    IP Address  11g Clients  11g Ch/Pwr  11a Clients  11a Ch/Pwr  AP Type  Flags  Uptime
----               -----    ----------  -----------  ----------  -----------  ----------  -------  -----  ------
00:0b:86:c0:d0:3c  default  10.0.0.254  0            AP:1/21     0            AP:149/15   65              18s
Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
       L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On
       X = Maintenance Mode; d = Drop Mcast/Bcast On
Num APs:1
(Aruba800) (config) #ap-regroup ap-name 00:0b:86:c0:d0:3c lee //把ap劃入ap組lee;重新分組後ap會重啓,所以下面第一次show ap active暫時看不到ap
(Aruba800) #show ap active
Active AP Table
---------------
Name  Group  IP Address  11g Clients  11g Ch/Pwr  11a Clients  11a Ch/Pwr  AP Type  Flags  Uptime
----  -----  ----------  -----------  ----------  -----------  ----------  -------  -----  ------
Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
       L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On
       X = Maintenance Mode; d = Drop Mcast/Bcast On
Num APs:0
(Aruba800) #show ap active
Active AP Table
---------------
Name               Group  IP Address  11g Clients  11g Ch/Pwr  11a Clients  11a Ch/Pwr  AP Type  Flags  Uptime
----               -----  ----------  -----------  ----------  -----------  ----------  -------  -----  ------
00:0b:86:c0:d0:3c  lee    10.0.0.254  0            AP:1/21     0            AP:149/15   65              18s
Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
       L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On
       X = Maintenance Mode; d = Drop Mcast/Bcast On
Num APs:1
(Aruba800) #write m
Saving Configuration...
Configuration Saved.
(Aruba800) #configure           
% Incomplete command.
(Aruba800) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba800) (config) #aaa bandwidth-contract guest-band mbits 2 //創建2Mbps帶寬合約;注意:從後面的running-config看,guest-role並沒有引用它,限速看起來並未實際生效
(Aruba800) (config) #ip access-list session guest-access
(Aruba800) (config-sess-guest-access)#user any any permit
(Aruba800) (config-sess-guest-access)#exit
(Aruba800) (config) #ip access-list session guest-drop       
(Aruba800) (config-sess-guest-drop)#any any any deny log
(Aruba800) (config-sess-guest-drop)#exit
(Aruba800) (config) #user-role guest-role
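(Aruba800) (config-role) #session-acl cplogout ap-group lee
(Aruba800) (config-role) #session-acl guest-access ap-group lee //session-acl按順序匹配;guest-access的規則是user any any permit,已放行訪客的全部流量
(Aruba800) (config-role) #session-acl guest-drop ap-group lee //因此這條any any any deny log永遠不會命中;如需隔離訪客,應在permit之前先拒絕訪問內網網段和控制器管理地址的流量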
(Aruba800) (config-role) #reauthentication-interval 180
(Aruba800) (config-role) #exit
(Aruba800) (config) #aaa profile guest-aaa
(Aruba800) (AAA Profile "guest-aaa") #initial-role logon
(Aruba800) (AAA Profile "guest-aaa") #exit
(Aruba800) (config) #aaa authentication captive-portal guest-cap
(Aruba800) (Captive Portal Authentication Profile "guest-cap") #default-role guest-role
(Aruba800) (Captive Portal Authentication Profile "guest-cap") #server-group internal
(Aruba800) (Captive Portal Authentication Profile "guest-cap") #exit
(Aruba800) (config) #write m
Saving Configuration...
Configuration Saved.
(Aruba800) (config) #wlan virtual-ap lee
(Aruba800) (Virtual AP profile "lee") #aaa-profile guest-aaa
(Aruba800) (Virtual AP profile "lee") #exit
(Aruba800) (config) #user-role logon
(Aruba800) (config-role) #captive-portal guest-cap
(Aruba800) (config-role) #exit
(Aruba800) (config) #exit
(Aruba800) #local-userdb add ?
generate-username       Generate a name for the User
username                Name of the User
(Aruba800) #local-userdb add username guest ?
generate-password       Generate a password for the User
password                Password of the User
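(Aruba800) #local-userdb add username guest123 password 111111 role guest-role //示例弱口令,僅供實驗;實際部署應使用強口令,或用上面的generate-password自動生成
(Aruba800) #show running-config //注意:以下輸出含加密/哈希後的憑據(mgmt-user、wepkey1、localip ipsec),對外發佈配置前應先遮蔽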
Building Configuration...
 
version 3.3
enable secret "******"
telnet soe
hostname "Aruba800"
clock timezone PST -8
location "Building1.floor1"
mms config 0
controller config 29
netservice svc-snmp-trap udp 162
netservice svc-syslog udp 514
netservice svc-l2tp udp 1701
netservice svc-ike udp 500
netservice svc-https tcp 443
netservice svc-smb-tcp tcp 445
netservice svc-dhcp udp 67 68
netservice svc-pptp tcp 1723
netservice svc-sccp tcp 2000
netservice svc-telnet tcp 23
netservice svc-sip-tcp tcp 5060
netservice svc-tftp udp 69
netservice svc-kerberos udp 88
netservice svc-http-proxy3 tcp 8888
netservice svc-noe udp 32512
netservice svc-cfgm-tcp tcp 8211                 
netservice svc-adp udp 8200
netservice svc-pop3 tcp 110
netservice svc-rtsp tcp 554
netservice svc-msrpc-tcp tcp 135 139
netservice svc-dns udp 53
netservice svc-h323-udp udp 1718 1719
netservice svc-h323-tcp tcp 1720
netservice svc-vocera udp 5002
netservice svc-http tcp 80
netservice svc-http-proxy2 tcp 8080
netservice svc-sip-udp udp 5060
netservice svc-nterm tcp 1026 1028
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ftp tcp 21
netservice svc-svp 119
netservice svc-smtp tcp 25
netservice svc-gre 47
netservice svc-sips tcp 5061
netservice svc-smb-udp udp 445
netservice svc-esp 50
netservice svc-v6-dhcp udp 546 547
netservice svc-snmp udp 161                      
netservice svc-bootp udp 67 69
netservice svc-msrpc-udp udp 135 139
netservice svc-ntp udp 123
netservice svc-icmp 1
netservice svc-ssh tcp 22
netservice svc-v6-icmp 58
netservice svc-http-proxy1 tcp 3128
ip access-list session control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-papi permit
  any any svc-cfgm-tcp permit
  any any svc-adp permit
  any any svc-tftp permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session guest-drop
  any any any deny log
!
ip access-list session validuser
  any any any permit
!                                                
ip access-list session vocera-acl
  any any svc-vocera permit queue high
!
ip access-list session icmp-acl
  any any svc-icmp permit
!
ip access-list session captiveportal
  user   alias mswitch svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
!
ip access-list session guest-access
  user any any permit
!
ip access-list session allowall
  any any any permit
!
ip access-list session https-acl
  any any svc-https permit
!
ip access-list session sip-acl                   
  any any svc-sip-udp permit queue high
  any any svc-sip-tcp permit queue high
!
ip access-list session dns-acl
  any any svc-dns permit
!
ip access-list session tftp-acl
  any any svc-tftp permit
!
ip access-list session skinny-acl
  any any svc-sccp permit queue high
!
ip access-list session srcnat
  user any any src-nat
!
ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-l2tp permit
  any any svc-pptp permit
  any any svc-gre permit
!
ip access-list session logon-control
  user any udp 68 deny                           
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
!
ip access-list session cplogout
  user   alias mswitch svc-https dst-nat 8081
!
ip access-list session guest
!
ip access-list session http-acl
  any any svc-http permit
!
ip access-list session dhcp-acl
  any any svc-dhcp permit
!
ip access-list session noe-acl
  any any svc-noe permit queue high
!
ip access-list session svp-acl
  any any svc-svp permit queue high
  user host 224.0.1.116 any permit
!
ip access-list session ap-acl                    
  any any svc-gre permit
  any any svc-syslog permit
  any user svc-snmp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
!
ip access-list session h323-acl
  any any svc-h323-tcp permit queue high
  any any svc-h323-udp permit queue high
!
ipv6 access-list session v6-icmp-acl
  any any svc-v6-icmp permit
!
ipv6 access-list session v6-https-acl
  any any svc-https permit
!
ipv6 access-list session v6-control
  user any udp 68 deny
  any any svc-v6-icmp permit
  any any svc-v6-dhcp permit
  any any svc-dns permit
  any any svc-tftp permit
!
ipv6 access-list session v6-dhcp-acl             
  any any svc-v6-dhcp permit
!
ipv6 access-list session v6-dns-acl
  any any svc-dns permit
!
ipv6 access-list session v6-allowall
  any any any permit
!
ipv6 access-list session v6-http-acl
  any any svc-http permit
!
ipv6 access-list session v6-tftp-acl
  any any svc-tftp permit
!
ipv6 access-list session v6-logon-control
  user any udp 68 deny
  any any svc-v6-icmp permit
  any any svc-v6-dhcp permit
  any any svc-dns permit
!
vpn-dialer default-dialer
  ike authentication PRE-SHARE ******
!
aaa bandwidth-contract guest-band mbits 2        
user-role ap-role
 session-acl control
 session-acl ap-acl
!
user-role trusted-ap
 session-acl allowall
!
user-role default-vpn-role
 session-acl allowall
 ipv6 session-acl v6-allowall
!
user-role guest-role
 reauthentication-interval 180
 session-acl cplogout ap-group lee
 session-acl guest-access ap-group lee
 session-acl guest-drop ap-group lee
!
user-role voice
 session-acl sip-acl
 session-acl noe-acl
 session-acl svp-acl
 session-acl vocera-acl
 session-acl skinny-acl
 session-acl h323-acl                            
 session-acl dhcp-acl
 session-acl tftp-acl
 session-acl dns-acl
 session-acl icmp-acl
!
user-role guest-logon
 captive-portal default
 session-acl logon-control
 session-acl captiveportal
!
user-role guest
 session-acl http-acl
 session-acl https-acl
 session-acl dhcp-acl
 session-acl icmp-acl
 session-acl dns-acl
 ipv6 session-acl v6-http-acl
 ipv6 session-acl v6-https-acl
 ipv6 session-acl v6-dhcp-acl
 ipv6 session-acl v6-icmp-acl
 ipv6 session-acl v6-dns-acl
!
user-role stateful-dot1x
!                                                
user-role authenticated
 session-acl allowall
 ipv6 session-acl v6-allowall
!
user-role stateful
 session-acl control
!
user-role logon
 captive-portal guest-cap
 session-acl logon-control
 session-acl captiveportal
 session-acl vpnlogon
 ipv6 session-acl v6-logon-control
!
aaa pubcookie-authentication
!
no spanning-tree
interface mgmt
        shutdown
!
interface loopback
        ip address 1.1.1.1                       
!
vlan 10
vlan 100

interface fastethernet 1/0
        description "FE1/0"
        trusted
        switchport access vlan 10
!
interface fastethernet 1/1
        description "FE1/1"
        trusted
        switchport access vlan 10
!
interface fastethernet 1/2
        description "FE1/2"
        trusted
        switchport access vlan 10
!
                                                 
interface fastethernet 1/3
        description "FE1/3"
        trusted
        switchport access vlan 10
!
interface fastethernet 1/4
        description "FE1/4"
        trusted
        switchport access vlan 10
!
interface fastethernet 1/5
        description "FE1/5"
        trusted
        switchport access vlan 10
!
interface fastethernet 1/6
        description "FE1/6"
        trusted
        switchport access vlan 10
!
                                                 
interface fastethernet 1/7
        description "FE1/7"
        trusted
        switchport access vlan 10
!
interface gigabitethernet  1/8
        description "GE1/8"
        trusted
        switchport access vlan 10
!
interface vlan 1
        ip address 172.16.0.254 255.255.255.0
!
interface vlan 10
        ip address 10.0.0.1 255.255.255.0
!
interface vlan 100
        ip address 192.168.100.1 255.255.255.0
!
                                                 
wms
 general poll-interval 60000
 general poll-retries 3
 general ap-ageout-interval 30
 general sta-ageout-interval 30
 general learn-ap disable
 general persistent-known-interfering enable
 general propagate-wired-macs enable
 general stat-update enable
 general collect-stats disable
!
no crypto-local isakmp permit-invalid-cert
localip 0.0.0.0 ipsec a19a9b4a9de1f8140468c86d63eab6fc3ede8b2041a6c2a1
crypto isakmp groupname changeme
crypto-local isakmp dpd idle-timeout 22 retry-timeout 2 retry-attempts 3
crypto-local isakmp xauth
vpdn group l2tp
  ppp authentication PAP
!
ip dhcp excluded-address 10.0.0.1 10.0.0.10
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp pool ap-pool
 default-router 10.0.0.1
 network 10.0.0.0 255.255.255.0
 authoritative
!
ip dhcp pool user-pool
 default-router 192.168.100.1
 dns-server 192.168.100.1
 network 192.168.100.0 255.255.255.0
 authoritative
!
service dhcp
vpdn group pptp
  ppp authentication MSCHAPv2
!
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
                                                 
ssh mgmt-auth username/password
mgmt-user admin root 8b4fb38801e15ddd559033ed802cf32443c105c34fab0543d1

no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country CN
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"                       
 auth-server Internal
 set role condition role value-of
!
aaa profile "default"
!
aaa profile "guest-aaa"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "guest-cap"
   default-role "guest-role"
   server-group "internal"
!
aaa authentication vpn
!
aaa authentication mgmt
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
!
ap system-profile "default"                      
!
ap regulatory-domain-profile "default"
   country-code CN
   valid-11g-channel 1
   valid-11g-channel 6
   valid-11g-channel 11
   valid-11a-channel 149
   valid-11a-channel 153
   valid-11a-channel 157
   valid-11a-channel 161
   valid-11a-channel 165
   valid-11g-40mhz-channel-pair 1+
   valid-11g-40mhz-channel-pair 5-
   valid-11g-40mhz-channel-pair 7+
   valid-11g-40mhz-channel-pair 11-
   valid-11a-40mhz-channel-pair 149+
   valid-11a-40mhz-channel-pair 153-
   valid-11a-40mhz-channel-pair 157+
   valid-11a-40mhz-channel-pair 161-
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!                                                
ap snmp-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "lee"
   essid "lee"                                   
   opmode static-wep
   wepkey1 7ab076533c356e78b47af3367655194bd58a8d50a0131721
!
wlan virtual-ap "default"
!
wlan virtual-ap "lee"
   ssid-profile "lee"
   vlan 100
   aaa-profile "guest-aaa"
!
ap-group "default"
   virtual-ap "default"
!
ap-group "lee"
   virtual-ap "lee"
!
end
 