华为AC6005配置清单
#
http secure-server ssl-policy default_policy
http server enable
#
vlan batch 10 100
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#hcSFP*nosI1B]!)77!UYV7ja
local-user admin privilege level 15
local-user admin service-type ssh http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif10
ip address 192.168.10.253 255.255.255.0
#
interface Vlanif100
ip address 192.168.0.100 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.0.1
dhcp server excluded-ip-address 192.168.0.250 192.168.0.254 #
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk pvid vlan 100
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/7
port link-type trunk
port trunk pvid vlan 100
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk pvid vlan 100
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 100
#
interface NULL0
#
undo snmp-agent
#
stelnet server enable
undo telnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.254
#
capwap source interface vlanif100
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#{a9TMT&W'7!u)GLwNDg$g$OXIy=(="Ydz#IXium+JgRU$uM~}4=vTG0'~m*)%^%# user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#8H(HHHl=J)Hk1S*IA"Q8_Ou^"4J6D$rOtg<%Ia`+%^%# aes security-profile name default-mesh
security wpa2 psk pass-phrase %^%#1M@oXMp{y'M'O8Jj(KDH.sX7my;63Jty!zQm%*%^%# aes
security-profile name wlan-net
security wpa-wpa2 psk pass-phrase %^%#Lt%yDzjX#([$ZBV.}5m&YhxBNQ0N1 security-profile name www-01 security wpa-wpa2 psk pass-phrase %^%# security-profile name defaultRadio1 security wpa2 psk pass-phrase %^%#cUlPKDCQ+J^Ow3I^:_i/ security wpa-wpa2 psk pass-phrase %^%#7i26W[`LRPVc(P0C7".2iQ$gV-e7+ShY<]5t(@kP%^%# aes security-profile name www-03 security wpa-wpa2 psk pass-phrase %^%#1PDl6G4R8Lgb_7* ssid-profile name default ssid-profile name wlan-net ssid wlan-net ssid-profile name www-01 ssid weiniu-01 ssid-profile name www-02 ssid weiniu-02 ssid-profile name www-03 ssid weiniu-03 vap-profile name default vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net vap-profile name www-01 service-vlan vlan-id 10 ssid-profile www-01 security-profile www-01 vap-profile name www-02 service-vlan vlan-id 10 ssid-profile www-02 security-profile www-02 vap-profile name www-03 service-vlan vlan-id 10 ssid-profile www-03 security-profile www-03 wds-profile name default mesh-handover-profile name default mesh-whitelist-profile name defaultRadio1 peer-ap mac 9c7d-a381-e900 mesh-profile name default mesh-profile name defaultRadio1 security-profile defaultRadio1 mesh-id 1 regulatory-domain-profile name default air-scan-profile name default rrm-profile name default calibrate auto-channel-select disable calibrate auto-txpower-select disable radio-2g-profile name default radio-5g-profile name default wids-profile name default ap-system-profile name default provision-ap port-link-profile name default wired-port-profile name default ap-group name default radio 0 vap-profile weiniu-01 wlan 10 vap-profile weiniu-02 wlan 11 vap-profile weiniu-03 wlan 12 radio 1 vap-profile weiniu-01 wlan 10 vap-profile weiniu-02 wlan 11 vap-profile weiniu-03 wlan 12 mesh-profile defaultRadio1 mesh-whitelist-profile defaultRadio1 ap-group name ap-group1 radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 19 ap-mac 9c7d-a333-9260 ap-sn 2102358260W0GC000062 ap-name area_1 ap-group default radio 0 channel 20mhz 6 eirp 127 radio 1 channel 20mhz 149 eirp 127 ap-id 1002 type-id 19 ap-mac 9c7d-a333-8f40 ap-sn 2102358260W0GC000087 ap-group default ap-id 1003 type-id 19 ap-mac 9c7d-a381-f220 ap-sn 2102354196W0GC000027 ap-group default ap-id 1004 type-id 19 ap-mac 9c7d-a333-8ec0 ap-sn 2102358260W0GC000091 ap-group default ap-id 1005 type-id 19 ap-mac 9c7d-a381-e900 ap-sn 2102354196W0GC000100 ap-group default # undo ntp-service enable # return