Aruba Configuration Manual


wlan ssid-profile \

wpa-passphrase 1234567890 --- TKIP setting

provision-ap copy-provisioning-params ip-addr 192.168.102.250
provision-ap no ipaddr
provision-ap a-ant-gain 2
provision-ap g-ant-gain 2
provision-ap a-antenna 1
provision-ap g-antenna 1

provision-ap external-antenna

provision-ap master 192.168.102.100
provision-ap server-ip 192.168.102.100
provision-ap ap-group \

provision-ap ap-name \
provision-ap no syslocation
provision-ap fqln \

provision-ap reprovision ip-addr 192.168.102.250

interface loopback
ip address \

apboot> help
boot - run bootcmd or boot AP image or elf file or from flash
cd - cfg register display
cw - cfg register write
dis - disassemble instructions
dhcp - invoke DHCP client to obtain IP/boot params
eloop - loopback received ethernet frames
flash - FLASH sub-system
go - start application at address 'addr'
help - print online help
mc - memory copy
md - memory display
mii - MII sub-system
mtest - simple RAM test
netstat - net statistics
mw - memory write
ping - ping net host
printenv - env display
purgeenv - purge env
regs - display various regs
reset - reset processor
run - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv - set variable in env (ipaddr/netmask/gatewayip/master/serverip)
    setenv ipaddr x.x.x.x
    setenv netmask x.x.x.x
    setenv gatewayip x.x.x.x
    setenv serverip x.x.x.x
    setenv master x.x.x.x
tcpdump - dump received packets
tcpsend - send TCP packet
tftpboot - boot via tftp
tlb - dump TLB
trace - dump trace buffer
version - print monitor version
wdog - stop refreshing watchdog timer
apboot>

no spanning-tree : disable spanning tree
adp discover disable : disable ADP
adp igmp-join disable : disable im-j

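I. Web Page Authentication

1. wlan ssid-profile (staff-ssid-profile) : define the SSID profile
1.1 essid staff : define the ESSID under the SSID profile (the SSID name that is displayed)
2. wlan virtual-ap (staff-vap-profile) : define the virtual-AP profile
2.1 ssid-profile (staff-ssid-profile) : reference the SSID profile defined above under the virtual AP
2.2 vlan ID aa,bb : add the virtual AP to the VLAN the SSID belongs to
3. aaa profile staff-aaa-profile : define the AAA authentication profile
4. aaa server-group (staff-servergroup) : define the server-group profile
4.1 auth-server internal : set the authentication server to local authentication
4.2 set role condition role value-of : set the role
    set role condition set-value position
5. aaa authentication captive-portal (staff-auth-profile) : captive-portal configuration
5.1 server-group staff-servergroup : reference the server group defined above
6. user-role staff-logon : define the profile that holds the user's pre-login permissions
6.1 access-list session logon-control position 1 : pre-login permissions, position 1
6.2 access-list session captiveportal position 2 : pre-login permissions, position 2
6.3 captive-portal staff-auth-profile position 3 : the captive-portal profile defined above
    Re-authentication interval 480 : re-authentication interval of 480 seconds (default 3600 seconds)
7. user-role vip-role : define the profile applied after the user logs in successfully
7.1 session-acl allowall : grant allow-all permissions
    session-acl http-acl : HTTP only
8. wlan virtual-ap staff-vap-profile : enter the virtual-AP profile defined above
8.1 aaa-profile staff-aaa-profile : reference the AAA profile defined above
9. ap-group default : define the AP group; it is best to use the default one
9.1 virtual-ap staff-vap-profile : reference the virtual-AP profile defined above
10. aaa profile staff-aaa-profile : enter the AAA profile defined above
10.1 initial-role staff-logon : change initial-role to the pre-login role defined above
11. aaa authentication-server internal use-local-switch : set the authentication server to the local switch
12. local-userdb add username staff password 123456 role vip-role : define the user's login name, password and role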

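II. MAC Address Authentication Configuration

1. wlan ssid-profile (staff-ssid-profile) : define the SSID profile
1.1 essid staff : define the ESSID under the SSID profile
2. wlan virtual-ap (staff-vap-profile) : define the virtual-AP profile
2.1 ssid-profile (staff-ssid-profile) : reference the SSID profile defined above under the virtual AP
2.2 vlan ID : add the virtual AP to the VLAN the SSID belongs to
3. aaa profile staff-aaa-mac-profile : define the AAA authentication profile
4. aaa authentication mac staff-mac-profile : define the MAC authentication profile
4.1 delimiter dash : set the MAC address format
4.2 case upper (upper/lower) : set upper or lower case for the MAC address

Note: aaa authentication mac staff-mac-profile clone
    delimiter {colon|dash|none}
    max-authentication-failures <number>
aaa authentication mac mac-blacklist : MAC blacklist
    max-authentication-failures 5 : maximum number of authentication failures

5. aaa server-group (staff-macservergroup) : define the server-group profile
5.1 auth-server internal : set the authentication server to local authentication
5.2 set role condition role value-of
6. user-role staff-logon : define the profile that holds the user's pre-login permissions
6.1 access-list session logon-control : pre-login permissions
6.2 access-list session captiveportal : pre-login permissions
7. user-role vip-role : define the profile applied after the user logs in successfully
7.1 session-acl allowall : grant permissions
8. wlan virtual-ap staff-vap-profile : enter the virtual-AP profile defined above
8.1 aaa-profile staff-aaa-mac-profile : reference the AAA profile defined above
9. ap-group default : define the AP group; it is best to use the default one
9.1 virtual-ap staff-vap-profile : reference the virtual-AP profile defined above
10. aaa profile staff-aaa-mac-profile : enter the AAA profile defined above
10.1 initial-role staff-logon : change initial-role to the pre-login role defined above
10.2 authentication-mac staff-mac-profile : reference the MAC authentication profile defined above
10.3 mac-server-group staff-macservergroup : add the server group defined above
11. aaa authentication-server internal use-local-switch : set the authentication server to the local switch
12. local-userdb add username <MAC address> password <MAC address> role vip-role : define the user's login name, password and role

Note:

If a wired client connected directly to a port is to be authenticated, that port must be set to UNTRUSTED.

In addition, enter aaa authentication wired and set profile (staff-aaa-profile) to the AAA profile you configured for authentication.

Blacklist: access is denied after 5 failed attempts

show aaa authentication captive-portal default: change Max authentication failures to 5
show aaa authentication dot1x default: change Max authentication failures to 5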
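An added example, not part of the original manual: a small Python audit for configuration written in the form used in the web-authentication and MAC-authentication procedures above. It flags a pre-login role (initial-role) that carries allowall, authentication profiles with no failure limit (the Blacklist note), all-digit passphrases and passwords, and local-userdb entries whose password equals the username (the MAC-authentication entries of step 12). The sample config, the finding names, and the rule that a missing or zero max-authentication-failures means "no limit" are assumptions of this example.

```python
import re

# Constructed sample (not from a real controller); it deliberately contains weak settings.
SAMPLE = """\
aaa authentication mac "staff-mac-profile"
   delimiter dash
aaa authentication captive-portal "staff-auth-profile"
   max-authentication-failures 5
user-role staff-logon
   session-acl allowall
aaa profile "staff-aaa-profile"
   initial-role staff-logon
wlan ssid-profile "staff-ssid-profile"
   wpa-passphrase 1234567890
local-userdb add username staff password 123456 role vip-role
local-userdb add username 00-1A-2B-3C-4D-5E password 00-1A-2B-3C-4D-5E role vip-role
"""
ALLOWALL = re.compile(r"(session-acl|access-list session) allowall( .*)?")

def stanzas(text):
    """Group the config into (header, [indented sub-commands]), quotes stripped."""
    out = []
    for line in filter(str.strip, text.replace('"', "").splitlines()):
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        elif line.strip() != "!":
            out.append((line.strip(), []))
    return out

def audit(text):
    """Return (finding, object) pairs; the thresholds are this example's assumptions."""
    blocks, findings = stanzas(text), []
    open_roles = {h.split()[1] for h, body in blocks
                  if h.startswith("user-role ") and any(map(ALLOWALL.fullmatch, body))}
    for head, body in blocks:
        m = re.match(r"local-userdb add username (\S+) password (\S+)", head)
        if m and (m[1] == m[2] or m[2].isdigit()):
            kind = "password-equals-username" if m[1] == m[2] else "numeric-password"
            findings.append((kind, m[1]))
        if re.match(r"aaa authentication (mac|captive-portal|dot1x) ", head):
            limit = [b.split()[1] for b in body if b.startswith("max-authentication-failures ")]
            if not limit or limit[0] == "0":   # assumed to mean "no blacklist limit"
                findings.append(("no-failure-limit", head.split()[-1]))
        for b in body:
            if b.startswith("wpa-passphrase ") and b.split()[1].isdigit():
                findings.append(("numeric-passphrase", head.split()[-1]))
            if b.startswith("initial-role ") and b.split()[1] in open_roles:
                findings.append(("open-initial-role", head.split()[-1]))
    return findings
```

A password-equals-username entry is how the MAC-authentication procedure stores clients, so that finding marks accounts that identify a device rather than authenticate a user; the role assigned to them should be scoped accordingly.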

1. aaa bandwidth-contract \
2. aaa bandwidth-contract \
ip access-list session \
any any any permit queue low
!

user-role \
access-list \
bw-contract \
bw-contract \

aaa bandwidth-contract \ : 2M bandwidth limit
aaa bandwidth-contract 128_up kbits 128 : 128k bandwidth limit
aaa bandwidth-contract 512 kbits 512
aaa bandwidth-contract 64 kbits 64
aaa bandwidth-contract 256 kbits 256
aaa bandwidth-contract 1 mbits 1 : 1M bandwidth limit

aaa bandwidth-contract 128_up kbits 128
user-role 128
bw-contract 128_up per-user upstream

user-role ap-role
session-acl control
session-acl ap-acl
!

user-role pre-employee
session-acl allowall

Master mobility controller configuration

1 Initial setup of Aruba-master