以下命令由本人所翻譯,其中有的不正確之處希望能指出。
配置g/0/0/1地址命令
進入: interface GigabitEthernet 0/0/1
配置IP網關:ip address 所添加的IP
啟用OSPF動態學習
ospf 1
area 0
network 192.168.1.0 0.0.0.3 連接器ip
network 192.168.2.0 0.0.0.255 網關地址
創建vlan命令
vlan batch 20
開啟dhcp功能
dhcp enable
配置vlan 20
進入:interface vlan 20
配置服務器池:dhcp select interface
設置dhcp分發dns為ip ip,:dhcp server dns-list IP ip,
端口組配置:
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/5
配置端口為access:
port link-type access
添加至vlan
port default vlan 2
放行vlan
port trunk allow-pass vlan 3
創建三層vlan
interface Vlanif 2
設置下一跳
ip route-static 0.0.0.0 0 嚇一跳ip
創建訪問控制列表
acl number 2000
允許通過
rule 1 permit
配置靜態路由訪問本機網絡
nat outbound 2000
防火牆:
將G口添加到trust/untrust
進入
firewall zone trust/untrust
添加
add interface GigabitEthernet 0/0/1
放行內部地IP172.16.105.0
進入:policy interzone trust untrust outbound
policy 0
action permit
放行內部地址
policy source 172.16.105.0 0.255.255.255
配置NAT匹配內部地址
進入
nat-policy interzone trust untrust outbound
policy 1
action source-nat
設置匹配地址
policy source 172.16.105.0 0.255.255.255
easy-ip GigabitEthernet 0/0/1
無線:
設置安全策略Internet
進入配置:wlan
security-profile name Internet
配置安全認證方式為wpa-wpa2,密碼為a1234567
security wpa-wpa2 psk pass-phrase a1234567 aes
設置無線ssid為Internet
ssid-profile name Internet
ssid Internet
綁定業務:
進入:vap-profile name internet
forward-mode direct-forward
綁定vlan101
service-vlan vlan-id 101
綁定安全策略:
security-profile internet
綁定ssid
ssid-profile internet
創建AP組,名稱為ap-group1
ap-group name ap-group1
綁定vap模板到射頻卡0、1上
vap-profile Internet wlan 1 radio 0
vap-profile Internet wlan 1 radio 1
配置vlan20 IP
interface Vlanif 20
ip address 172.17.20.253 24
配置vrrp虛擬網關為172.17.20.254, vrid為1
vrrp vrid 1 virtual-ip 172.17.20.254
配置優先級為120
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15
配置mstp協議
進入:stp region-configuration
配置區域名:region-name RG1
vlan20為實例1,vlan17為實例2:
instance 1 vlan 20
instance 2 vlan 17
active region-configuration
vlan20在SW1上為主
stp instance 1 root primary
vlan17在SW1上為備
stp instance 2 root secondary
stp pathcost-standard legacy