以下命令由本人所翻译,其中有的不正确之处希望能指出。
配置g/0/0/1地址命令
进入: interface GigabitEthernet 0/0/1
配置IP网关:ip address 所添加的IP
启用OSPF动态学习
ospf 1
area 0
network 192.168.1.0 0.0.0.3 连接器ip
network 192.168.2.0 0.0.0.255 网关地址
创建vlan命令
vlan batch 20
开启dhcp功能
dhcp enable
配置vlan 20
进入:interface vlan 20
配置服务器池:dhcp select interface
设置dhcp分发dns为ip ip,:dhcp server dns-list IP ip,
端口组配置:
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/5
配置端口为access:
port link-type access
添加至vlan
port default vlan 2
放行vlan
port trunk allow-pass vlan 3
创建三层vlan
interface Vlanif 2
设置下一跳
ip route-static 0.0.0.0 0 吓一跳ip
创建访问控制列表
acl number 2000
允许通过
rule 1 permit
配置静态路由访问本机网络
nat outbound 2000
防火墙:
将G口添加到trust/untrust
进入
firewall zone trust/untrust
添加
add interface GigabitEthernet 0/0/1
放行内部地IP172.16.105.0
进入:policy interzone trust untrust outbound
policy 0
action permit
放行内部地址
policy source 172.16.105.0 0.255.255.255
配置NAT匹配内部地址
进入
nat-policy interzone trust untrust outbound
policy 1
action source-nat
设置匹配地址
policy source 172.16.105.0 0.255.255.255
easy-ip GigabitEthernet 0/0/1
无线:
设置安全策略Internet
进入配置:wlan
security-profile name Internet
配置安全认证方式为wpa-wpa2,密码为a1234567
security wpa-wpa2 psk pass-phrase a1234567 aes
设置无线ssid为Internet
ssid-profile name Internet
ssid Internet
绑定业务:
进入:vap-profile name internet
forward-mode direct-forward
绑定vlan101
service-vlan vlan-id 101
绑定安全策略:
security-profile internet
绑定ssid
ssid-profile internet
创建AP组,名称为ap-group1
ap-group name ap-group1
绑定vap模板到射频卡0、1上
vap-profile Internet wlan 1 radio 0
vap-profile Internet wlan 1 radio 1
配置vlan20 IP
interface Vlanif 20
ip address 172.17.20.253 24
配置vrrp虚拟网关为172.17.20.254, vrid为1
vrrp vrid 1 virtual-ip 172.17.20.254
配置优先级为120
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet 0/0/4 reduced 15
配置mstp协议
进入:stp region-configuration
配置区域名:region-name RG1
vlan20为实例1,vlan17为实例2:
instance 1 vlan 20
instance 2 vlan 17
active region-configuration
vlan20在SW1上为主
stp instance 1 root primary
vlan17在SW1上为备
stp instance 2 root secondary
stp pathcost-standard legacy