Documente Academic
Documente Profesional
Documente Cultură
HCIA-WALN
Experiment Guide for WLAN
n
Engineers(WEB) /e
m o
. c
wei
ISSUE:2.0
u a
. h
i ng
r n
a
: //le
t t p
: h
e s
r c
ou
s
Re
i n g
a rn
e Le HUAWEI TECHNOLOGIES CO., LTD.
o r
M
1
Huawei WLAN Certification Training Experiment Guide
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
n
Notice
/e
om
The purchased products, services and features are stipulated by the contract made between Huawei and
. c
the customer. All or part of the products, services and features described in this document may not be
i
e
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
aw
u
The information in this document is subject to change without notice. Every effort has been made in the
h
g .
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
n i n
ar
: //le
t t p
: h
e s
r c
u
Huawei Technologies Co., Ltd.
o
s
Address:
Re
Huawei Industrial Base
i n g
Bantian, Longgang
rn
Shenzhen 518129
Website:
e Le http://e.huawei.com
o r
M
华为专有和保密信息
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
华为专有和保密信息 1
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Overview
This document is applicable to the candidates who are preparing for the HCIA-WLAN
exam and the readers who want to understand the WLAN basics, the CAPWAP protocol,
WLAN networking, Huawei WLAN product features, security configuration, WLAN
advanced technology, antennas, WLAN network planning and optimization, and WLAN
n
/e
fault troubleshooting.
. c om
Description
e i
aw
This experiment guide introduces the following six experiments, covering basic
hu
configurations, and configurations and implementation of Layer 2 networking, security,
Layer 3 networking, and the network management software eSight.
g .
Experiment 1: AC configuration initialization
n i n
r
This experiment involves basis operations and configurations on an AC, helping you
a
/le
know the AC6005 and its basic functions.
/
Experiment 2: AP authentication and WLAN configuration process
p :
This experiment lets you know basic WLAN network capabilities through basic WLAN
configurations.
t t
: h
Experiment 3: WLAN security configuration
e s
This experiment mainly introduces 802.1x authentication, helping you know WLAN
rc
security and the configuration process.
ou
Experiment 4: WLAN configuration on eSight
s
This experiment involves how to add WLAN devices to the eSight and deliver WLAN
Re
services using the configuration wizard.
Experiment 5: Bypass Layer 3 networking
i n g
This experiment uses the AC6005 and Layer 3 networking. The Layer 3 network
rn
configuration helps you comprehensively know WLAN networking modes.
e Le This experiment describes how to back up configuration files through File Transfer
Protocol (FTP).
o r
M
华为专有和保密信息 3
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Common Icons
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 4
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Device Introduction
n
he following table lists devices recommended for HCIA-WLAN experiments and the /e
om
mappings between the device name, model, and software version.
. h
g
AC AC6005-8-PWR AC6005 V200R007C10SPC100
AP AP4030DN
i n
AP4030DN V200R007C10SPC100
n
NMS eSight Network
ar
eSight Network V300R006C00SPC505
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 5
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
Radius Server 1 Shared by all groups
om
Huawei 3700PoE/
c
1 Shared by all groups
Huawei 5700PoE Switch
e i .
AC6005
One for each
group
aw
h u
AP4030DN
Two for each
g .
group
n i n
One for each
arA desktop computer requires a
/le
Laptop or desktop computer
group network adapter
: /
Twisted pair
t
group
t p
Four for each The twisted pair must be at least
2 meters long
: h
es
One for each
Console cable
group
r c
ou
Each group must check whether the following devices are ready:
s
One AC6005 Re
i n g
Two AP4030DN
a rn
One laptop or desktop computer
Le
Four twisted pairs
re
One console cable
o
M
华为专有和保密信息 6
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Experiment topology
n
/e
. com
e i
aw
hu
g .
n i n
ar
Key points of bypass topology establishment:
: //le
t t p
This course uses a layer 3 bypass topology. Devices are connected as follows:
: h
s
For group 1, port 8 of AC1 is connected to port 1 of the switch. AP1 is connected to port
e
10 of the switch. AP2 is connected to port 11 of the switch.
rc
u
For group 2, port 8 of AC2 is connected to port 2 of the switch. AP3 is connected to port
o
12 of the switch. AP4 is connected to port 13 of the switch.
s
Re
For group 3, port 8 of AC3 is connected to port 3 of the switch. AP5 is connected to port
14 of the switch. AP6 is connected to port 15 of the switch.
i n g
The same rule applies to all other groups.
a rnFor group 6, port 8 of AC6 is connected to port 6 of the switch. AP11 is connected to
port 20 of the switch. AP12 is connected to port 21 of the switch.
e Le
o r
M
华为专有和保密信息 7
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
AC Configuration Removal
Trainees must remove previously saved configurations after the experiment is complete
and before devices are turned off, to avoid any impact of the configurations on the next
experiment. In addition, trainees must confirm that the device is not configured before an
experiment starts. If it is not, remove the configurations and then restart the device.
You need a password to log in to the router. The login password is Admin@123 in this
experiment.
Login authentication
Password:Admin@123
<AC6005>reset saved-configuration
This will delete the configuration in the flash memory.
n
/e
The device configurations will be erased to reconfigure.
Are you sure? (y/n)[n]:y
om
Clear the configuration in the device successfully.
华为专有和保密信息 8
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Contents
n
/e
Experiment Environment Preparation .....................................................................................................................6
om
1 Experiment 1:AC configuration initialization ....................................................................... 12
c
1.1 About This Course .........................................................................................................................................12
e i .
1.1.1 Objectives ..................................................................................................................................................12
w
1.1.2 Topology ....................................................................................................................................................12
a
u
1.1.3 Plan ...........................................................................................................................................................13
. h
1.2 Experiment Task ............................................................................................................................................14
i n g
1.2.1 Configuration Procedure .............................................................................................................................14
n
1.3 Verification ...................................................................................................................................................25
r
a
1.3.1 Telnet AC ...................................................................................................................................................25
: / /le
1.4 Reference Configuration ................................................................................................................................25
1.4.1 S5700 Configuration ..................................................................................................................................25
t t p
1.4.2 AC Configuration ........................................................................................................................................27
u rc
2.1.1 Objectives ..................................................................................................................................................32
o
2.1.2 Topology ....................................................................................................................................................32
s
Re
2.1.3 Plan ...........................................................................................................................................................33
2.2 Experiment Task ............................................................................................................................................35
i n g
2.2.1 Configuration Procedure .............................................................................................................................35
rn
2.3 Verification ...................................................................................................................................................55
a
Le
2.3.1 Checking the VAP List .................................................................................................................................55
2.3.2 Terminal Connection Test ............................................................................................................................55
r e
2.4 Reference Configuration ................................................................................................................................56
o
2.4.1 S5700 Configuration ..................................................................................................................................56
M
2.4.2 AC Configuration ........................................................................................................................................58
华为专有和保密信息 9
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
4.1 About This Course .........................................................................................................................................92
/e
4.1.1 Objectives ..................................................................................................................................................92
om
4.1.2 Topology ....................................................................................................................................................92
i . c
4.1.3 Plan ...........................................................................................................................................................93
w e
4.2 Experiment Task ............................................................................................................................................94
4.2.1 Configuration Procedure .............................................................................................................................94
u a
4.3 Verification .................................................................................................................................................113
. h
4.3.1 Connect an STA to the WLAN ...................................................................................................................113
n g
4.4 Reference Configuration ..............................................................................................................................114
i
n
4.4.1 S5700 Configuration ................................................................................................................................114
r
l e a
4.4.2 AC Configuration ......................................................................................................................................117
/: /
5 Experiment 5: Layer 3 Networking Experiment .................................................................. 123
tp
5.1 About This Course .......................................................................................................................................123
h t
5.1.1 Objectives ................................................................................................................................................123
s :
5.1.2 Topology ..................................................................................................................................................123
c e
5.1.3 Plan .........................................................................................................................................................124
r
u
5.2 Experiment Task ..........................................................................................................................................125
o
s
5.2.1 Configuration Procedure ...........................................................................................................................125
e
5.3 Verification .................................................................................................................................................130
R
g
5.3.1 Verifiy the L3 Network Status ....................................................................................................................130
i n
5.4 Reference Configuration ..............................................................................................................................131
rn
5.4.1 S5700 Configuration ................................................................................................................................131
a
e 6: Backup the Configuration and Reset the Device...................................... 139
5.4.2 AC Configuration ......................................................................................................................................133
L
e
6 Experiment
r
o
6.1 About This Course .......................................................................................................................................139
华为专有和保密信息 10
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. c om
e i
aw
h u
g .
n i n
ar
: / /le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 11
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
. com
Configure VLAN and routing in the AC
Configure telnet service of the AC e i
Save the configuration in the AC
aw
hu
1.1.2 Topology
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 12
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
1.1.3 Plan
You must configure devices according to the plan to avoid errors. This experiment uses
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
Trunk.
The following table describes device connections.
Group
AC-Switch Port AP-Switch Port
No
AP1-G0/0/10
1 AC1—G0/0/1
n
/e
AP2-G0/0/11
om
AP3-G0/0/12
c
2 AC2—G0/0/2
AP4-G0/0/13
e i .
3 AC3—G0/0/3
AP5-G0/0/14
aw
AP6-G0/0/15
hu
AP7-G0/0/15
g .
4 AC4—G0/0/4
AP8-G0/0/16
n i n
ar
/le
AP9-G0/0/17
5 AC5—G0/0/5
:
AP10-G0/0/18
/
t t p
AP11-G0/0/19
h
6 AC6—G0/0/6
s:
AP12-G0/0/20
r c e
The following table describes an AC parameter configuration template.
ou
Trainee GroupX
s AC Configuration
i n g
Device ACX
a rnAP Management
VLAN:X0 IP:10.1.X0.100
Le
VLAN
re
Service VLAN
VLAN:X1 IP:10.1.X1.100
(Employee)
o
M Service VLAN (Voice)
VLAN:X3
IP:10.1.X2.100
IP:10.1.X3.100
华为专有和保密信息 13
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
configured.
The web browser software has been installed on your PC.
i . c
w e
The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on
MEth0/0/1 of the AC6605 before the delivery.
u a
. h
The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on
MEth0/0/1 of the ACU2 before the delivery.
i n g
n
The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on
r
a
VLANIF 1 of the AC6005 before the delivery, and interfaces GE0/0/1 to GE0/0/8 have been
/le
added to VLAN 1 by default.
: /
Before the device is delivered, the HTTP and HTTPS services have been configured on the
t p
device. The default port number is 80 for HTTP and 443 for HTTPS. The default user name
t
and password are respectively admin and admin@huawei.com.
: h
e s
u rc
s o
Re
i n g
rn
Procedure
a Open a browser such as Internet Explorer 7.0, enter http://IP address or https://IP address
o r an IP Address for Web Platform Login.) The web platform login page is displayed.
M
Select a language. The system supports English and Chinese. By default, the system uses
the same language as the browser.
Enter a user name and password. The default user name and password are admin and
admin@huawei.com.
Click Login.
This experiment takes the first set of 172.21.11.3 as an example.
华为专有和保密信息 14
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. c om
e i
aw
h u
Change the password upon the first login. Changing the password to Admin@123 is
used as an example in this document.
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
After logging in to the web-based AC, click at the upper-right corner.
The command-line interface (CLI) is displayed.
华为专有和保密信息 15
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
You can enter command lines to manage and maintain the device. The login password is
om
Admin@123. (The Firefox browser is recommended.)
i . c
w e
u a
. h
i n g
r n
a
Step2 Configuring a Switch
: //le
t p
Configure the access switch S5700. Add GE0/0/10 and GE0/0/11 to VLANX0
t
(management VLAN) and set the port VLAN ID (PVID) to VLANX0. Add GE0/0/8 to VLANs
X0 through X3(Connect to AC).
: h
<Huawei>system-view
e s
rc
[Huawei]sysname S5700
u
[S5700]vlan batch 10 to 13
o
[S5700]interface GigabitEthernet0/0/10
s
[S5700-GigabitEthernet0/0/10]port link-type trunk
Re
[S5700-GigabitEthernet0/0/10]port trunk pvid vlan 10
[S5700-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 13
n g
[S5700-GigabitEthernet0/0/10]quit
i
[S5700]interface GigabitEthernet0/0/11
Le
[S5700-GigabitEthernet0/0/11]port trunk pvid vlan 10
[S5700-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 13
e
[S5700-GigabitEthernet0/0/11]quit
华为专有和保密信息 16
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
. com
i
Choose Maintenance > AC Maintenance > Basic. Set Device name to AC1. Click Apply.
e
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
Configuring VLANs
i n g
Choose Configuration > AC Config > VLAN, The VLAN configuration page is displayed,
Click Batch Create.
a rn
e Le
o r
M
华为专有和保密信息 17
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Create VLANX0~VLANX3。
n
/e
Configure IP address of the GE0/0/8 interface to connect S5700.
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 18
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
Check the interface configuration.
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
Configure IP addresses of the layer 3 interfaces corresponding to the VLANs.
a rnChoose Configuration > AC Config > VLAN > VLANIF. The VLANIF page is displayed.
Le
Click Create. Set parameters on the Create VLANIF page.
r e
o
M
华为专有和保密信息 19
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 20
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
Check the VLANIF interface
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M Check whether the route between the AC and the layer 3 switch is reachable. The
following command output indicates that 10X.10X.10X.10X (the simulated public
network interface on the switch) cannot be pinged.
Choose Diagnosis > Diagnosis Tools > Ping.
华为专有和保密信息 21
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
Enter the destination IP address, click start.
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
Configure a static route for the switch.
e s
Choose Configuration > AC Config > IP > Route > Static Route Configuration Table. The
rc
static route management page is displayed.
u
Click Create, configure static route information on the new page, and click OK.
o
s
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 22
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
Step4 Configuring and Testing the Telnet/SSH Service (AAA Authentication)
authentication.
: h
Enable and configure telnet service in the AC, add account huawei for AAA
e s
Choose Maintenance > AC Maintenance > System > Service Management. Enable Telnet.
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 23
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Choose Maintenance > AC Maintenance > Administrator. The Administrator page is displayed.
Create an administrator account: username huawei, password Admin@123.
n
/e
. c om
e i
aw
h u
g .
n i n
ar
: //le
t t p
: h
e s
Step5 Save the Configuration
u rc
s o
Re
Any change through web-based configuration, you need to click “save” to save the
configuration to the device. If you don’t save it , the configuration will lost after rebooted.
i n g
Save the configuration through the upper right of the page.
a rn
e Le
o r
M
华为专有和保密信息 24
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
1.3 Verification
1.3.1 Telnet AC
After Configure telnet, test the telnet service on S5700.
<S5700>telnet 10.1.10.100
Trying 10.1.10.100 ...
Press CTRL+K to abort
Connected to 10.1.10.100 ...
Warning: Telnet is not a secure protocol, and it is recommended to use
n
/e
Stelnet.
om
Login authentication
i . c
Username:huawei
we
Password:
u a
h
-----------------------------------------------------------------------
------
g .
n
User last login information:
n i
-----------------------------------------------------------------------
------
ar
/le
Access Type: Telnet
IP-Address : 10.1.10.1
: /
Time : 2016-11-18 19:54:01+08:00
t t p
-----------------------------------------------------------------------
------
: h
<AC1>
e s
rc
Login AC successfully.
ou
s
Re
1.4 Reference Configuration
i n g
1.4.1 S5700 nConfiguration
a r
L e #
r e sysname S5700
o
#
vlan batch 10 to 13
M #
lldp enable
#
undo http server enable
undo http secure-server enable
#
undo nap slave enable
华为专有和保密信息 25
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.1.10.1 255.255.255.0
n
/e
#
om
interface Vlanif11
ip address 10.1.11.1 255.255.255.0
#
i . c
e
interface Vlanif12
ip address 10.1.12.1 255.255.255.0
#
aw
interface Vlanif13
hu
.
ip address 10.1.13.1 255.255.255.0
#
interface MEth0/0/1
i n g
ip address 172.21.11.1 255.255.0.0
r n
#
a
/le
interface GigabitEthernet0/0/1
port link-type trunk
: /
p
port trunk allow-pass vlan 10 to 13
#
t t
interface GigabitEthernet0/0/2
: h
s
#
#
rc e
interface GigabitEthernet0/0/3
u
interface GigabitEthernet0/0/4
o
s
#
Re
interface GigabitEthernet0/0/5
#
#
i n g
interface GigabitEthernet0/0/6
rn
interface GigabitEthernet0/0/7
a
#
Le
interface GigabitEthernet0/0/8
#
r e interface GigabitEthernet0/0/9
o #
M
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 10
华为专有和保密信息 26
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
om
#
interface GigabitEthernet0/0/19
#
i . c
e
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
aw
#
hu
.
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
i n g
#
r n
interface GigabitEthernet0/0/24
a
/le
#
interface NULL0
: /
p
#
interface LoopBack1
t t
h
ip address 101.101.101.101 255.255.255.255
:
s
#
user-interface con 0
rc e
authentication-mode password
ou
set authentication password
cipher %@%@;|J%=/[d[O@L[qD[Xhh~,3[~S(Zs:\Ot8H6*x_MAW=N$3[B,%@%@
s
Re
user-interface vty 0 4
authentication-mode password
g
user privilege level 3
i n
set authentication password
rn
cipher %@%@`KL`QN[h79h[6AS2ggdT<+Hjaz5lH\hpS4]~^/-CFvtO+Hm<%@%@
protocol inbound all
a
Le
user-interface vty 16 20
#
r e return
o AC Configuration
1.4.2
M <AC1>display current-configuration
#
sysname AC1
#
http secure-server ssl-policy default_policy
华为专有和保密信息 27
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
om
#
diffserv domain default
#
i . c
e
radius-server template default
#
pki realm default
aw
rsa local-key-pair default
hu
.
enrollment self-signed
#
ssl policy default_policy type server
i n g
pki-realm default
r n
version tls1.0 tls1.1
a
/le
ciphersuite rsa_aes_128_cbc_sha
#
: /
p
ike proposal default
encryption-algorithm aes-256
t t
dh group2
: h
s
authentication-algorithm sha2-256
rc e
authentication-method pre-share
integrity-algorithm hmac-sha2-256
u
prf hmac-sha2-256
o
s
#
Re
free-rule-template name default_free_rule
#
#
i n g
portal-access-profile name portal_access_profile
rn
aaa
a
authentication-scheme default
Le
authentication-scheme radius
authentication-mode radius
r e authorization-scheme default
o accounting-scheme default
M
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
local-user admin password irreversible-cipher $1a$VNcE$6oR"2$aASkVyCl-
~~qx^~!e+:.S|>BJto>%VV[WvDxK./G$
local-user admin privilege level 15
local-user admin service-type ssh http
华为专有和保密信息 28
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
#
/e
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
om
#
interface Vlanif13
ip address 10.1.13.100 255.255.255.0
i . c
#
we
a
interface Vlanif4090
ip address 172.21.11.3 255.255.0.0
hu
.
#
interface GigabitEthernet0/0/1
#
i n g
interface GigabitEthernet0/0/2
r n
a
#
/le
interface GigabitEthernet0/0/3
/
#
interface GigabitEthernet0/0/4
p :
#
t t
interface GigabitEthernet0/0/5
#
: h
e s
interface GigabitEthernet0/0/6
rc
#
ou
interface GigabitEthernet0/0/7
port link-type access
s
Re
port default vlan 4090
stp disable
g
#
i n
interface GigabitEthernet0/0/8
rn
port link-type trunk
a
port trunk allow-pass vlan 10 to 13
Le
#
interface NULL0
r e #
o
snmp-agent local-engineid 800007DB03845B12566919
snmp-agent community
M read %^%#En_g+AWfX>adWz&5.!G~E^)4&/r]vCScEB~w~u%Zje-
$@`GH0BN7e"$A8PF(_n~lC9qvT)O*{4!I+:yR%^%#
snmp-agent community write %^%#atYiX7&TjG<o\Y/.2Y-
V/8bVI&sGJOTB4$0Y@{"2$306$`dp;=7cULM)*$.3Q!lXY<}!y7jZ,7BS"NNY%^%#
snmp-agent sys-info version v2c
snmp-agent
#
华为专有和保密信息 29
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
i . c
e
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
aw
protocol inbound telnet
hu
user-interface vty 16 20
protocol inbound all
g .
#
n i n
r
wlan
traffic-profile name default
a
/le
security-profile name default
security-profile name default-wds
: /
p
security wpa2 psk pass-phrase %^%#CB&>,Q$BB>x\Fn"|^%qToSj.2]:%J"+-
qK%aTJ_0%^%# aes
t t
: h
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#]7|J"`LHnEQ=,-
e s
GJS[q&>M">Qsqw;9mb8$0`_=6I%^%# aes
rc
ssid-profile name default
u
vap-profile name default
o
mesh-handover-profile name default
s
Re
mesh-profile name default
wds-profile name default
g
regulatory-domain-profile name default
n
air-scan-profile name default
i
rn
rrm-profile name default
radio-2g-profile name default
a
Le
radio-5g-profile name default
wids-spoof-profile name default
o
ap-system-profile name default
port-link-profile name default
华为专有和保密信息 30
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 31
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
华为专有和保密信息 32
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
2.1.3 Plan
You must configure devices according to the plan to avoid errors. This experiment uses
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
Trunk.
The following table describes device connections.
Group
AC-Switch Port AP-Switch Port
No.
AP1-G0/0/10
1 AC1—G0/0/1
n
/e
AP2-G0/0/11
om
AP3-G0/0/12
c
2 AC2—G0/0/2
AP4-G0/0/13
e i .
3 AC3—G0/0/3
AP5-G0/0/14
aw
AP6-G0/0/15
hu
AP7-G0/0/15
g .
4 AC4—G0/0/4
AP8-G0/0/16
n i n
ar
/le
AP9-G0/0/17
5 AC5—G0/0/5
:
AP10-G0/0/18
/
t t p
AP11-G0/0/19
h
6 AC6—G0/0/6
s:
AP12-G0/0/20
r c e
The following table describes an AC parameter configuration template.
ou
s Country code: CN
Re
AC Information
WLAN source: VLAN X0
ing
AP authentication mode: mac-auth
AP Authentication
a rn AP MAC address
Le
Name: ap-groupX
re
VAP ID 1: VAP profile: guestX
regulatory domain profile: domainX
o AP Group VAP ID 2: VAP profile: voiceX
M regulatory domain profile: domainX
VAP ID 3: VAP profile: employeeX
regulatory domain profile: domainX
Name: employeeX SSID Profile: employeeX
SSID Profile
Name: voiceX SSID Profile: voiceX
华为专有和保密信息 33
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
华为专有和保密信息 34
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
2. Create an AP
/e
om
group. Create an AP group.
i . c
Configure AC
management on
3. Configure the
AP going online.
Configure the country code of the AC.
Configure the authentication mode for the AP .
w
Configure the AC source port (for establishing e
a
fit APs. a tunnel with the AP).
h u
4/5. Configure
Configure the
security profile.
g . Configure the
SSID profile.
n
Being
i
WLAN service referred to
parameters.
r n Configure the
/le
VAP profile.
:/
Being referred to
es
5. Bind the profile
c
to the AP group.
u r
Step2 Configuring a Switch
s o
Re
Continue the configuration from experiment 1, the configuration of the switch has
been ready.
n g
Step3 Configuring Basic AC Parameters
i
a rn Continue the configuration from experiment 1, the configuration of the switch has been
ready.
L
Step4e Creating an AP Group
r e
o Choose Configuration > AP Config > AP Group > AP Group, The AP Group page is displayed. Click
M
Create. Create ap-groupX.
华为专有和保密信息 35
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
Step5 Configuring AP Online Parameters
ar
Enable DHCP server.
: //le
t t p
Click Configuration > AC Config > IP > DHCP Address Pool. set DHCP status to ON to
enable the DHCP function, and click Create to create a DHCP address pool.
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 36
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 37
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
/le
Configure the interface for address pool employeeX.
: /
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 38
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
Configure the interface for address pool voiceX.
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 39
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
/le
Configure the interface for address pool guestX.
: /
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 40
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
Create a regulatory domain profile.
g .
i n
Click Configuration > AP Config > Profile > Radio Management > Regulatory Domain
Profile. Click Create on the right pane.
n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 41
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
om
source address, click , and set the AC source address to VLANIF801. Click Apply.
i . c
w e
u a
. h
i n g
r n
a
: //le
t t p
: h
e s
u rc
s o
Re
Import the AP offline to the AC and add two APs to AP group ap-groupX. Name the two
APs AP1 and AP2.
i n g
a rn
e Le
o r
M
华为专有和保密信息 42
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
Add AP1
e i
aw
hu
g .
n i n
ar
: //le
t t p
Add AP2
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r After we add the AP to the MAC address authentication list, the status of the AP will
change from fault to config and final to the normal status, we need to wait for several
M minutes, if the status could not change to normal status, pls re-check your configuration.
华为专有和保密信息 43
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
Add the two APs to AP group ap-groupX.
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 44
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
View AP information.
华为专有和保密信息 45
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 46
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 47
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
h
Create”employee”、”voiceX” and “guestX” VAP profile, configure “employee”、”voice”
:
s
forwarding mode to direct. “guestX” forwarding mode to tunnel, conjure service VLAN.
e
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 48
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 49
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 50
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
Use the default forwarding mode (direct forwarding). Changing the forwarding mode will
rc
trigger risk notifications.
ou
s
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 51
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 52
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
Bind regulatory domain profile and VAP profile to the AP group.
aw
u
Choose configuration > AP configuretion > AP group configuration , click ap-groupX.
h
g .
n i n
ar
: //le
t t p
: h
e s
Add VAP profile. Set WLAN ID and Radio.
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 53
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
n
/e
. com
e i
aw
hu
g .
n i n
ar
/le
Bind regulatory domain profile domainX to the AP group.
: /
t t p
: h
e s
u rc
s o
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 54
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
2.3 Verification
n
/e
. com
e i
aw
hu
g .
n i n
ar
: //le
t t p
2.3.2 Terminal Connection Test
: h
e s
rc
Connect STAs to the WLANs with SSIDs employeeX, voiceX and guestX. Run the display
station all commands on the AC.
ou
Choose Monitorng > user > 用户统计, view user list.
s
Re
i n g
a rn
e Le
o r
M
华为专有和保密信息 55
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
On the wireless terminal, ping the IP address of the simulated public network interface on
lea
the switch.
C:\Users\zWX>ping 101.101.101.101
: //
t t p
PING 101.101.101.101: 56 data bytes, press CTRL_C to break
Reply from 101.101.101.101: bytes=56 Sequence=1 ttl=255 time=7 ms
:h
Reply from 101.101.101.101: bytes=56 Sequence=2 ttl=255 time=10 ms
s
Reply from 101.101.101.101: bytes=56 Sequence=3 ttl=255 time=10 ms
e
c
Reply from 101.101.101.101: bytes=56 Sequence=4 ttl=255 time=10 ms
r
ou
Reply from 101.101.101.101: bytes=56 Sequence=5 ttl=255 time=10 ms
es
--- 101.101.101.101 ping statistics ---
R
5 packet(s) transmitted
i n g
5 packet(s) received
0.00% packet loss
n
ar
round-trip min/avg/max = 7/9/10 ms
L e
e
2.4rReference Configuration
o
M2.4.1 S5700 Configuration
#
sysname S5700
#
vlan batch 10 to 13
#
lldp enable
#
华为专有和保密信息 56
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
/
#
local-user admin service-type http
o m
i.c
interface Vlanif1
#
interface Vlanif10
w e
#
ip address 10.1.10.1 255.255.255.0
u a
interface Vlanif11
ip address 10.1.11.1 255.255.255.0
g .h
#
ni n
interface Vlanif12
r
lea
ip address 10.1.12.1 255.255.255.0
//
#
interface Vlanif13
p :
t
ip address 10.1.13.1 255.255.255.0
#
t
:h
interface MEth0/0/1
s
ip address 172.21.11.1 255.255.0.0
e
c
#
r
interface GigabitEthernet0/0/1
ou
port link-type trunk
#
es
port trunk allow-pass vlan 10 to 13
R
interface GigabitEthernet0/0/2
#
i n g
interface GigabitEthernet0/0/3
n
ar
#
interface GigabitEthernet0/0/4
L e #
interface GigabitEthernet0/0/5
e
or
#
interface GigabitEthernet0/0/6
M #
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
华为专有和保密信息 57
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
e n
#
/
interface GigabitEthernet0/0/15
#
o m
i.c
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
w e
#
interface GigabitEthernet0/0/18
u a
#
interface GigabitEthernet0/0/19
g .h
#
ni n
interface GigabitEthernet0/0/20
r
lea
#
//
interface GigabitEthernet0/0/21
#
p :
t
interface GigabitEthernet0/0/22
#
t
:h
interface GigabitEthernet0/0/23
#
e s
c
interface GigabitEthernet0/0/24
#
r
ou
interface NULL0
#
es
interface LoopBack1
R
ip address 101.101.101.101 255.255.255.255
#
i n g
user-interface con 0
n
ar
authentication-mode password
set authentication password
L e cipher %@%@;|J%=/[d[O@L[qD[Xhh~,3[~S(Zs:\Ot8H6*x_MAW=N$3[B,%@%@
user-interface vty 0 4
e
or
authentication-mode password
user privilege level 3
M
set authentication password
cipher %@%@`KL`QN[h79h[6AS2ggdT<+Hjaz5lH\hpS4]~^/-CFvtO+Hm<%@%@
protocol inbound all
user-interface vty 16 20
#
return
2.4.2 AC Configuration
#
华为专有和保密信息 58
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
sysname AC1
#
http secure-server ssl-policy default_policy
http server enable
#
undo portal url-encode enable
#
ssl renegotiation-rate 1
#
vlan batch 10 to 13 4090
#
e n
authentication-profile name default_authen_profile
/
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
o m
i.c
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
w e
lldp enable
#
u a
dhcp enable
#
g .h
diffserv domain default
ni n
#
r
lea
radius-server template default
//
#
pki realm default
p :
t
rsa local-key-pair default
enrollment self-signed
t
:h
#
s
ssl policy default_policy type server
e
c
pki-realm default
r
version tls1.0 tls1.1
ou
ciphersuite rsa_aes_128_cbc_sha
#
es
ike proposal default
R
encryption-algorithm aes-256
i n g
dh group2
authentication-algorithm sha2-256
n
ar
authentication-method pre-share
integrity-algorithm hmac-sha2-256
L e #
prf hmac-sha2-256
e
or
free-rule-template name default_free_rule
#
华为专有和保密信息 59
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
ip pool voice1
gateway-list 10.1.12.1
network 10.1.12.0 mask 255.255.255.0
#
ip pool guest1
gateway-list 10.1.13.1
network 10.1.13.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authentication-scheme radius
e n
authentication-mode radius
/
authorization-scheme default
accounting-scheme default
o m
i.c
domain default
authentication-scheme default
domain default_admin
w e
authentication-scheme default
u a
local-user admin password irreversible-cipher $1a$VNcE$6oR"2$aASkVyCl-
~~qx^~!e+:.S|>BJto>%VV[WvDxK./G$
local-user admin privilege level 15
g .h
local-user admin service-type ssh http
ni n
r
local-user huawei password irreversible-cipher
lea
$1a$6@(!=HT_IP$A=lvP*~iu+0<..Y&4`Y6+j4$Xkcf=#aMU=5[4wEP$
local-user huawei privilege level 1
: //
local-user huawei service-type telnet ssh http
p
#
interface Vlanif1
t t
:h
ip address 169.254.1.1 255.255.0.0
s
#
interface Vlanif10
r c e
ip address 10.1.10.100 255.255.255.0
ou
dhcp select global
s
#
Re
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
#
i n g
dhcp select global
ninterface Vlanif12
ar
ip address 10.1.12.100 255.255.255.0
L e #
dhcp select global
e
or
interface Vlanif13
ip address 10.1.13.100 255.255.255.0
M
dhcp select global
#
interface Vlanif4090
ip address 172.21.11.3 255.255.0.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
华为专有和保密信息 60
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 4090
stp disable
#
e n
interface GigabitEthernet0/0/8
/
port link-type trunk
port trunk allow-pass vlan 10 to 13
o m
i.c
#
interface NULL0
#
w e
#
info-center timestamp log format-date
u a
snmp-agent local-engineid 800007DB03845B12566919
snmp-agent community
g .h
i
read %^%#En_g+AWfX>adWz&5.!G~E^)4&/r]vCScEB~w~u%Zje-
n n
r
$@`GH0BN7e"$A8PF(_n~lC9qvT)O*{4!I+:yR%^%#
lea
snmp-agent community write %^%#atYiX7&TjG<o\Y/.2Y-
V/8bVI&sGJOTB4$0Y@{"2$306$`dp;=7cULM)*$.3Q!lXY<}!y7jZ,7BS"NNY%^%#
//
snmp-agent sys-info version v2c
snmp-agent
p :
#
t t
:h
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc
aes128 3des
e s
md5_96
r c
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
ou
ssh server key-exchange dh_group14_sha1
e
aes128 3dess
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc
R
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
i n g
md5_96
ssh client key-exchange dh_group14_sha1
n
ar
#
ip route-static 0.0.0.0 0.0.0.0 10.1.10.1
L e #
capwap source interface vlanif10
e
or
#
user-interface con 0
M
authentication-mode password
set authentication password
cipher %^%#1<n6!"VC7VQQj=/vGNXG}:Eu&6zT3'C<qU9G'>N8A~"fK_+WA~0De+C]/yW"
%^%#
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound telnet
user-interface vty 16 20
protocol inbound all
#
华为专有和保密信息 61
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#CB&>,Q$BB>x\Fn"|^%qToSj.2]:%J"+-
qK%aTJ_0%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#]7|J"`LHnEQ=,-
GJS[q&>M">Qsqw;9mb8$0`_=6I%^%# aes
ssid-profile name guest1
ssid guest1
e n
/
ssid-profile name voice1
ssid voice1
ssid-profile name default
o m
i.c
ssid-profile name employee1
e
ssid employee1
vap-profile name guest1
forward-mode tunnel
aw
service-vlan vlan-id 13
u
.h
vap-profile name voice1
service-vlan vlan-id 12
ssid-profile voice1
i n g
vap-profile name default
r n
lea
vap-profile name employee1
service-vlan vlan-id 11
ssid-profile employee1
: //
p
mesh-handover-profile name default
mesh-profile name default
t t
:h
wds-profile name default
s
regulatory-domain-profile name default
r c e
regulatory-domain-profile name domain1
air-scan-profile name default
ou
rrm-profile name default
s
radio-2g-profile name default
Re
radio-5g-profile name default
wids-spoof-profile name default
i n g
wids-profile name default
ap-system-profile name default
ar
wired-port-profile name default
e
or
ap-group name ap-group1
regulatory-domain-profile domain1
M
radio 0
vap-profile employee1 wlan 1
vap-profile voice1 wlan 2
vap-profile guest1 wlan 3
radio 1
vap-profile employee1 wlan 1
vap-profile voice1 wlan 2
vap-profile guest1 wlan 3
radio 2
vap-profile employee1 wlan 1
vap-profile voice1 wlan 2
华为专有和保密信息 62
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
undo ntp-service enable
/
#
return
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 63
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
ni
3.1.2 Topology r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 64
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
3.1.3 Plan
You must configure devices according to the plan to avoid errors. This experiment uses
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
Trunk.
The following table describes device connections.
Group
n
AC-Switch Port AP-Switch Port
No.
/ e
1 AC1—G0/0/1
AP1-G0/0/10
o m
i.c
AP2-G0/0/11
AP3-G0/0/12
w e
a
2 AC2—G0/0/2
AP4-G0/0/13
u
AP5-G0/0/14
g .h
3 AC3—G0/0/3
AP6-G0/0/15
ni n
r
lea
AP7-G0/0/15
4 AC4—G0/0/4
AP8-G0/0/16
//
p :
t t
AP9-G0/0/17
:h
5 AC5—G0/0/5
AP10-G0/0/18
e s
6 AC6—G0/0/6
r c AP11-G0/0/19
ou
AP12-G0/0/20
es
The following table describes an AC parameter configuration template.
R
ing
Name: ap-groupX
rn
VAP ID 1: VAP profile: guestX
regulatory domain profile: domainX
M RADIUS Server
Profile
Name: huawei Key: huawei
华为专有和保密信息 65
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
g
Security Profile voiceX .h
Name: guestX
ni n
r
Forwarding mode: tunnel forwarding
Service VLAN: 13
// lea
:
Referenced profile: SSID profile guestX
p
t
Security Profile guestX
t
:h
Topology: layer2 and layer 3 bypass topology
e s
r c
ou
es
3.2 Experiment Task
R
i n g
3.2.1 Configuration Procedure
n
e ar
Step1 Configuring Portal Authentication
e L Huawei AC supports six access security policies, every VAP Profile can apply each of
or
policies.
M Security Policy
open
Policy Explain
华为专有和保密信息 66
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
i.c
Configure SSID guestXauthentication to Portal authentication. and authentication
mode to local authentication.
w e
Choose configuretion > Security > AAA > Built-In Portal Server,enter”Built-In Portal
Server” page.
u a
.h
Portal server IP: IP address of the Portal server. Users are then redirected to the Portal
i n g
server if they enter URLs that are not located in the free IP subnet.
SSL policy: SSL policy applied to HTTPS services provided by the Portal server.
r n
Port: Port that provides the authentication service on the Portal server.
lea
Authentication mode: Authentication mode including PAP and CHAP. You are advised to
//
use the CHAP with high security.
p :
Web page file: File in .zip format. The file contains web pages that users access during
authentication.
t t
:h
Maximum number of users: Maximum number of users that can access the Portal
server.
e s
r c
s ou
Re
i n g
n
e ar
e L Create security profile guestX.
or
Choose configuretion > AP Config > Profile > Wireless Service, the security profile list is
displayed.
华为专有和保密信息 67
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
:h
Create Portal Profile guestX.
e s
r c
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 68
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o
Create authentication profile guestX, and bind portal profile to the authenticationm
i.c
profile.
Choose configuration > Security > AAA” ,enter authentication profile list.
w e
u a
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
ar
Bind portal profile guestX to the authentication profile guestX.
L e
e
or
M
华为专有和保密信息 69
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 70
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Enter VAP profile page, bind authentication profile guestX and security profile guestX to
VAP profile guestX.
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 71
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
:h
Wireless uers can open the browser, and enter a website. The link will automatically go
e s
to Portal authencation page. After you input the right username and password, click
“login”.(NOTE:this experiment don’t have DNS, we need to input the ip address, for
r c
example, 114.114.114.114).
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 72
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
i n
Then the configuration of Portal authentication has been finished, we can test the
n
connection.
r
lea
C:\Users\zWX>ping 101.101.101.101
//
PING 101.101.101.101: 56 data bytes, press CTRL_C to break
p :
Reply from 101.101.101.101: bytes=56 Sequence=1 ttl=255 time=7 ms
t t
Reply from 101.101.101.101: bytes=56 Sequence=2 ttl=255 time=10 ms
:h
Reply from 101.101.101.101: bytes=56 Sequence=3 ttl=255 time=10 ms
s
Reply from 101.101.101.101: bytes=56 Sequence=4 ttl=255 time=10 ms
e
c
Reply from 101.101.101.101: bytes=56 Sequence=5 ttl=255 time=10 ms
r
ou
--- 101.101.101.101 ping statistics ---
s
Re
5 packet(s) transmitted
5 packet(s) received
i n g
0.00% packet loss
n
round-trip min/avg/max = 7/9/10 ms
ar
Step2 Configuring WPA PSK Authentication
e
e L Configure the authentication type for SSID voiceX to WPA1-PSK. Huawei AC supports
or
below WPA configuration option::
M WPA Type
WPA/WPA2/WPA1-2 Personal
Encryption Method
CCMP or TKIP
Authentication Method
PSK(password 8-64
characters)
WPA/WPA2/WPA1-2 Enterprise CCMP or TKIP Dot1x
Configure security profile security-profile name voice1, encryption mode TKIP, password of
PSK is voicevoice.
Choose Configuration > AP Config > Profile > Wireless Service > Security profile, the
security profile page is displayed, in security profile list, click create, set the parameters.
华为专有和保密信息 73
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
Bind the security profile voiceX to VAP profile voiceX.
华为专有和保密信息 74
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
Then the Configuration of WPA-PSK has been finished, we can test the connection.
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
ar
C:\Users\zWX>ping 101.101.101.101
PING 101.101.101.101: 56 data bytes, press CTRL_C to break
M
Reply from 101.101.101.101: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 101.101.101.101: bytes=56 Sequence=5 ttl=255 time=10 ms
华为专有和保密信息 75
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
The authentication architecture of EAP consists of three parts: clients, authenticator and
authentication server.
//
Configure radius service and accounting scheme in the AC.
:
Configuring Radius profile.
t t p
Choose Configuration > Security > AAA > RADIUS, the RADIUS page is displayed.
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
Create Radius Server
华为专有和保密信息 76
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
Configure AAA.
s :h
c e
Choose Configuration > AP Config > Profile > Wireless Service, enter
r
AuthenticationScheme list.(by default, have a radius profile, you can not create).
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 77
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
Configure access profile dot1x-access-profile name employeeX, authentication mode is
.h
eap.
i n g
r n
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 78
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
Configure authentication profile authentication-profile name employee.
Bind the access profile, authentication scheme, accounting scheme and radius server to
n
ar
authentication profile.
Choose Configuration > Security > AAA > Authentication Profile, enter authentication
e
or
M
华为专有和保密信息 79
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
Bind the dot1x access profile and radius server profile to authentication profile.
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 80
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
Bind security profile and authentication profile to VAP profile.
i n g
n
e ar
e L
or
M
华为专有和保密信息 81
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 82
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
3.3 Verification
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 83
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
:h
es
3.4 Reference Configuration
r c
o u
3.4.1 S5700 Configuration
es
R
g
#
i n
sysname S5700
rn
#
a
vlan batch 10 to 13 200
L e #
lldp enable
r e #
M
undo http secure-server enable
#
undo nap slave enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
华为专有和保密信息 84
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
ip address 10.1.12.1 255.255.255.0
/
#
interface Vlanif13
o m
i.c
ip address 10.1.13.1 255.255.255.0
#
interface Vlanif200
w e
#
ip address 10.254.1.1 255.255.255.0
u a
interface MEth0/0/1
ip address 172.21.11.1 255.255.0.0
g .h
#
ni n
interface GigabitEthernet0/0/1
r
lea
port link-type trunk
//
port trunk allow-pass vlan 10 to 13
#
p :
t
interface GigabitEthernet0/0/2
#
t
:h
interface GigabitEthernet0/0/3
#
e s
c
interface GigabitEthernet0/0/4
#
r
ou
interface GigabitEthernet0/0/5
#
es
interface GigabitEthernet0/0/6
#
R
#
i n g
interface GigabitEthernet0/0/7
n
ar
interface GigabitEthernet0/0/8
#
L e interface GigabitEthernet0/0/9
#
e
or
interface GigabitEthernet0/0/10
port link-type trunk
M #
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
华为专有和保密信息 85
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
e n
interface GigabitEthernet0/0/19
/
#
interface GigabitEthernet0/0/20
o m
i.c
#
interface GigabitEthernet0/0/21
#
w e
interface GigabitEthernet0/0/22
#
u a
interface GigabitEthernet0/0/23
#
g .h
interface GigabitEthernet0/0/24
ni n
port link-type trunk
r
lea
port default vlan 200
//
#
interface NULL0
p :
t
#
interface LoopBack1
t
:h
ip address 101.101.101.101 255.255.255.255
#
e s
c
user-interface con 0
r
authentication-mode password
ou
set authentication password
s
cipher %@%@;|J%=/[d[O@L[qD[Xhh~,3[~S(Zs:\Ot8H6*x_MAW=N$3[B,%@%@
Re
user-interface vty 0 4
authentication-mode password
i n g
user privilege level 3
set authentication password
ncipher %@%@`KL`QN[h79h[6AS2ggdT<+Hjaz5lH\hpS4]~^/-CFvtO+Hm<%@%@
ar
protocol inbound all
L e user-interface vty 16 20
#
e
r
return
o
M3.4.2 AC Configuration
#
sysname AC1
#
http secure-server ssl-policy default_policy
http server enable
#
portal local-server ip 10.1.10.100
portal local-server https ssl-policy default_policy port 2000
华为专有和保密信息 86
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
undo portal url-encode enable
#
ssl renegotiation-rate 1
#
vlan batch 10 to 13 4090
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
e n
portal-access-profile guest1
/
authentication-profile name macportal_authen_profile
authentication-profile name guest1
o m
i.c
portal-access-profile guest1
authentication-profile name employee1
dot1x-access-profile employee1
w e
authentication-scheme radius
radius-server huawei
u a
#
lldp enable
g .h
#
ni n
dhcp enable
r
lea
#
//
diffserv domain default
#
p :
t
radius-server template default
radius-server template huawei
t
:h
radius-server authentication 10.254.1.100 1812 source ip-address
s
10.1.10.100 weight 80
#
r c e
undo radius-server user-name domain-included
ou
pki realm default
s
rsa local-key-pair default
#
Re
enrollment self-signed
i n g
ssl policy default_policy type server
pki-realm default
n
ar
version tls1.0 tls1.1
ciphersuite rsa_aes_128_cbc_sha
L e #
ike proposal default
e
or
encryption-algorithm aes-256
dh group2
M
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
portal local-server enable
#
portal-access-profile name guest1
华为专有和保密信息 87
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
#
/
ip pool voice1
gateway-list 10.1.12.1
o m
i.c
network 10.1.12.0 mask 255.255.255.0
#
ip pool guest1
w e
gateway-list 10.1.13.1
network 10.1.13.0 mask 255.255.255.0
u a
#
aaa
g .h
authentication-scheme default
ni n
authentication-scheme radius
r
lea
authentication-mode radius
//
authorization-scheme default
accounting-scheme default
p :
t
domain default
authentication-scheme default
t
:h
domain default_admin
s
authentication-scheme default
e
c
local-user admin password irreversible-cipher $1a$VNcE$6oR"2$aASkVyCl-
r
~~qx^~!e+:.S|>BJto>%VV[WvDxK./G$
ou
local-user admin privilege level 15
s
local-user admin service-type ssh http
Re
local-user huawei password irreversible-cipher
$1a$6@(!=HT_IP$A=lvP*~iu+0<..Y&4`Y6+j4$Xkcf=#aMU=5[4wEP$
i n g
local-user huawei privilege level 1
local-user huawei service-type telnet ssh http
ar
pAYq#XEVAp>~%^%#
e
or
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
M #
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
dhcp select global
#
interface Vlanif12
华为专有和保密信息 88
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
#
/
interface GigabitEthernet0/0/2
#
o m
i.c
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
w e
#
interface GigabitEthernet0/0/5
u a
#
interface GigabitEthernet0/0/6
g .h
#
ni n
interface GigabitEthernet0/0/7
r
lea
port link-type access
//
port default vlan 4090
stp disable
p :
t
#
interface GigabitEthernet0/0/8
t
:h
port link-type trunk
s
port trunk allow-pass vlan 10 to 13
e
c
#
interface NULL0
r
ou
#
#
es
info-center timestamp log format-date
R
snmp-agent local-engineid 800007DB03845B12566919
i n g
snmp-agent community
read %^%#En_g+AWfX>adWz&5.!G~E^)4&/r]vCScEB~w~u%Zje-
n$@`GH0BN7e"$A8PF(_n~lC9qvT)O*{4!I+:yR%^%#
ar
snmp-agent community write %^%#atYiX7&TjG<o\Y/.2Y-
L e V/8bVI&sGJOTB4$0Y@{"2$306$`dp;=7cULM)*$.3Q!lXY<}!y7jZ,7BS"NNY%^%#
snmp-agent sys-info version v2c
e
or
snmp-agent
#
undo telnet ipv6 server enable
华为专有和保密信息 89
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
user privilege level 3
protocol inbound telnet
user-interface vty 16 20
o m
i.c
protocol inbound all
e
#
wlan
traffic-profile name default
aw
security-profile name guest1
u
.h
security-profile name voice1
security wpa psk pass-
i n g
phrase %^%#0)RfPJm>L58cY+4*K);#E~]V)7`\406bJM4syy*%%^%# tkip
security-profile name default
r n
lea
security-profile name employee1
security wpa2 dot1x aes
//
security-profile name default-wds
p :
security wpa2 psk pass-phrase %^%#CB&>,Q$BB>x\Fn"|^%qToSj.2]:%J"+-
qK%aTJ_0%^%# aes
t t
:h
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#]7|J"`LHnEQ=,-
s
GJS[q&>M">Qsqw;9mb8$0`_=6I%^%# aes
e
c
ssid-profile name guest1
ssid guest1
r
ou
ssid-profile name voice1
es
ssid voice1
ssid-profile name default
R
ssid-profile name employee1
i n g
ssid employee1
vap-profile name guest1
n
ar
forward-mode tunnel
service-vlan vlan-id 13
L e ssid-profile guest1
e
security-profile guest1
or
authentication-profile portal_authen_profile
vap-profile name voice1
M service-vlan vlan-id 12
ssid-profile voice1
security-profile voice1
vap-profile name default
vap-profile name employee1
service-vlan vlan-id 11
ssid-profile employee1
security-profile employee1
authentication-profile employee1
mesh-handover-profile name default
mesh-profile name default
华为专有和保密信息 90
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
wired-port-profile name default
/
serial-profile name preset-enjoyor-toeap
ap-group name default
o m
i.c
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
w e
vap-profile employee1 wlan 1
vap-profile voice1 wlan 2
u a
vap-profile guest1 wlan 3
radio 1
g .h
vap-profile employee1 wlan 1
ni n
vap-profile voice1 wlan 2
r
lea
vap-profile guest1 wlan 3
//
radio 2
vap-profile employee1 wlan 1
p :
t
vap-profile voice1 wlan 2
vap-profile guest1 wlan 3
t
:h
ap-id 0 type-id 43 ap-mac 4cfa-cabe-eb60 ap-sn 21500826412SG8918066
ap-group ap-group1
e s
c
ap-id 1 type-id 43 ap-mac 4cfa-cabf-d0c0 ap-sn 21500826412SG8919901
r
ap-group ap-group1
ou
provision-ap
#
es
dot1x-access-profile name dot1x_access_profile
R
dot1x-access-profile name employee1
#
i n g
mac-access-profile name mac_access_profile
n
ar
#
undo ntp-service enable
L e #
return
e
or
M
华为专有和保密信息 91
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
华为专有和保密信息 92
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
4.1.3 Plan
You must configure devices according to the plan to avoid errors. This experiment uses
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
Trunk.
The following table describes device connections.
Group
n
AC-Switch Port AP-Switch Port
No.
/ e
1 AC1—G0/0/1
AP1-G0/0/10
o m
i.c
AP2-G0/0/11
AP3-G0/0/12
w e
a
2 AC2—G0/0/2
AP4-G0/0/13
u
AP5-G0/0/14
g .h
3 AC3—G0/0/3
AP6-G0/0/15
ni n
r
lea
AP7-G0/0/15
4 AC4—G0/0/4
AP8-G0/0/16
//
p :
t t
AP9-G0/0/17
:h
5 AC5—G0/0/5
AP10-G0/0/18
e s
6 AC6—G0/0/6
r c AP11-G0/0/19
ou
AP12-G0/0/20
es
R
n g
eSight Server IP
i
172.21.11.20
n
e ar
eSight Server password Name: admin Password: Huawei@123
e L
or
SNMP read only community publicRO
华为专有和保密信息 93
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
Step2 Configuring SNMP Parameters
/
Configure AC SNMP Community and static route.
o m
i.c
Choose “Maintenance > AC Maintenance > SNMP > Global Configuration”, enter the
Global Configuration page.
w e
u a
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar Enter Community/Group Management, click create and set parameters for snmp.
e L
or
M
华为专有和保密信息 94
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
.h
Choose “Configuration > AC Config > IP > Route > Static Route Configuration Table”,
enter Static Route Configuration Table page.
n g
In Static Route Configuration Table, click create, configure the static route.
i
r n
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
Step3 Configuring eSight Discover AC
After the PC connect to the WLAN, enter URL http://172.21.11.20:8080 to access eSight
Server, user name: admin, password: Huawei@123 (The initialized user name and
password are: admin/Changeme123, you need change the initial password when you first
login eSight). Should use google chrome or firefox browser.
华为专有和保密信息 95
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
.h
After login in to eSight, select the pull-down menu“Resource”,and click “Add
Device”,reference below parameters.
i n g
IP Address 172.21.11.X+2
r n
lea
Name ACX
SNMP Version V2C
: //
Read Only Community
t t p
publicRO
:h
Write Community privateRW
e s
Telnet Authentication mode Password
r c
ou
Password Admin@123
es
R
i n g
n
e ar
e L
or
M
华为专有和保密信息 96
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
Click”OK” when you finished, if displayed “Success”then means the configuring is
:h
successed.
e s
r c
s ou
Re
i n g
n
e ar
e L
or
M
Step4 Configuring Basic AC Parameters
,and click “Network Device”.
Select the pull-down menu“Resource”
华为专有和保密信息 97
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
Click “WLAN Feature > AP”, enter the Create Manually interface and add aps.
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
Configure interface Group huaweiX.
Select the pull-down menu“Resource> Resources Group> Group Management”
Click “Interface group > User Defined > ”, and the name for this experiment is
“huawei1”.
华为专有和保密信息 98
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 99
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 100
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
Configure VLANIF and DHCP Server
ni n
r
Select the pull-down menu“Business> WLAN Management> Configuration and
lea
Deployment”
: //
t t p
s :h
r c e
s ou
Re
i n g
nAdd devices on base configuration.
e ar
e L
or
M
华为专有和保密信息 101
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 102
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
Configure Channel. Click “Base configuration > Channel Configuration ”, set the allow
pass VLANs and PVID for interface group”.
华为专有和保密信息 103
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 104
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
Step5 Configuring AP Online
aw
Configure AP Authentication mode and AC Source Address.
u
Click “Global AC Configuration > AC >
g
”, select Resouce AC1”.
.h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 105
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 106
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 107
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
e i.c
aw
u
g .h
n
Create VAP profiles employeeX. Set the data forwarding mode for employeeX to tunnel
i
forwarding. Configure the service VLAN and bind the profile to the security profile and
n
SSID profile.
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 108
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L Configure AP groups ap-groupX to use the VAP profile.
or
M
华为专有和保密信息 109
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 110
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
After finish above, ap still not online. Configure the function of ssh for AC, and test the
SFTP for eSight. Username: admin, password: Changeme123.
[AC6005]ssh client first-time enable
[AC6005]sftp 172.21.0.11 31922
Please input the username:admin
Trying 172.21.0.11 ...
Press CTRL+K to abort
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
e n
/
The server's public key will be saved with the name 172.21.0.11. Please
wait...
o m
i.c
Enter password:
sftp-client>
w e
Click “System > Network Management Settings > Polling Settings”. Configure Polling
interval, make the AP online.
u a
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 111
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
c e
Check the AP Status and two Aps are online.
r
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 112
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
orVerification
4.3
M
4.3.1 Connect an STA to the WLAN
Connect STAs to the WLANs with SSIDs employeeX.
华为专有和保密信息 113
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
lea
C:\Users\zWX>ping 101.101.101.101
//
PING 101.101.101.101: 56 data bytes, press CTRL_C to break
:
t t p
Reply from 101.101.101.101: bytes=56 Sequence=1 ttl=255 time=7 ms
Reply from 101.101.101.101: bytes=56 Sequence=2 ttl=255 time=10 ms
:h
Reply from 101.101.101.101: bytes=56 Sequence=3 ttl=255 time=10 ms
s
Reply from 101.101.101.101: bytes=56 Sequence=4 ttl=255 time=10 ms
e
c
Reply from 101.101.101.101: bytes=56 Sequence=5 ttl=255 time=10 ms
r
s ou
--- 101.101.101.101 ping statistics ---
Re
5 packet(s) transmitted
5 packet(s) received
i n g
0.00% packet loss
round-trip min/avg/max = 7/9/10 ms
n
e ar
eL
4.4 Reference Configuration
or
M4.4.1 S5700 Configuration
#
sysname S5700
#
vlan batch 10 to 13 200
#
lldp enable
#
undo http server enable
华为专有和保密信息 114
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
local-user admin service-type http
/
#
interface Vlanif1
o m
i.c
#
interface Vlanif10
ip address 10.1.10.1 255.255.255.0
w e
#
interface Vlanif11
u a
#
ip address 10.1.11.1 255.255.255.0
g .h
interface Vlanif12
ni n
ip address 10.1.12.1 255.255.255.0
r
lea
#
//
interface Vlanif13
ip address 10.1.13.1 255.255.255.0
p :
t
#
interface Vlanif200
t
:h
ip address 10.254.1.1 255.255.255.0
#
e s
c
interface MEth0/0/1
r
ip address 172.21.11.1 255.255.0.0
ou
#
es
interface GigabitEthernet0/0/1
port link-type trunk
R
port trunk allow-pass vlan 10 to 13
#
i n g
interface GigabitEthernet0/0/2
n
ar
#
interface GigabitEthernet0/0/3
L e #
interface GigabitEthernet0/0/4
e
or
#
interface GigabitEthernet0/0/5
M #
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
port link-type trunk
华为专有和保密信息 115
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
#
/
interface GigabitEthernet0/0/14
#
o m
i.c
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
w e
#
interface GigabitEthernet0/0/17
u a
#
interface GigabitEthernet0/0/18
g .h
#
ni n
interface GigabitEthernet0/0/19
r
lea
#
//
interface GigabitEthernet0/0/20
#
p :
t
interface GigabitEthernet0/0/21
#
t
:h
interface GigabitEthernet0/0/22
#
e s
c
interface GigabitEthernet0/0/23
#
r
ou
interface GigabitEthernet0/0/24
es
port link-type trunk
port default vlan 200
#
R
#
i n g
interface NULL0
n
ar
interface LoopBack1
ip address 101.101.101.101 255.255.255.255
L e #
user-interface con 0
e
or
authentication-mode password
set authentication password
M
cipher %@%@;|J%=/[d[O@L[qD[Xhh~,3[~S(Zs:\Ot8H6*x_MAW=N$3[B,%@%@
user-interface vty 0 4
authentication-mode password
user privilege level 3
set authentication password
cipher %@%@`KL`QN[h79h[6AS2ggdT<+Hjaz5lH\hpS4]~^/-CFvtO+Hm<%@%@
protocol inbound all
user-interface vty 16 20
#
return
华为专有和保密信息 116
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
4.4.2 AC Configuration
#
sysname AC1
#
http secure-server ssl-policy default_policy
http server enable
#
portal local-server ip 10.1.10.100
e n
portal local-server https ssl-policy default_policy port 2000
/
#
o m
i.c
undo portal url-encode enable
#
ssl renegotiation-rate 1
w e
#
vlan batch 10 to 13 4090
u a
#
g .h
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
ni n
r
lea
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
portal-access-profile guest1
: //
t p
authentication-profile name macportal_authen_profile
authentication-profile name guest1
t
portal-access-profile guest1
s :h
e
authentication-profile name employee1
r c
dot1x-access-profile employee1
ou
authentication-scheme radius
#
es
radius-server huawei
R
lldp enable
#
i n g
n
dhcp enable
ar
#
Le
diffserv domain default
#
华为专有和保密信息 117
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
pki-realm default
version tls1.0 tls1.1
ciphersuite rsa_aes_128_cbc_sha
#
ike proposal default
encryption-algorithm aes-256
dh group2
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
e n
prf hmac-sha2-256 /
#
o m
i.c
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
w e
portal local-server enable
u a
.h
#
portal-access-profile name guest1
portal local-server enable
i n g
#
r n
lea
ip pool ap
//
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
p :
t t
option 43 sub-option 3 ascii 10.1.10.100
:h
#
s
ip pool employee1
c
gateway-list 10.1.11.1
r e
network 10.1.11.0 mask 255.255.255.0
ou
dns-list 114.114.114.114
#
es
R
ip pool voice1
i n g
gateway-list 10.1.12.1
network 10.1.12.0 mask 255.255.255.0
n
ar
#
ip pool guest1
L e gateway-list 10.1.13.1
or #
M
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
华为专有和保密信息 118
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
local-user guest01 privilege level 0
/
local-user guest01 service-type web
o m
i.c
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
w e
#
interface Vlanif10
u a
ip address 10.1.10.100 255.255.255.0
g .h
dhcp select global
#
ni n
r
lea
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
dhcp select global
: //
#
interface Vlanif12
t t p
:h
ip address 10.1.12.100 255.255.255.0
s
e
dhcp select global
#
r c
ou
interface Vlanif13
es
ip address 10.1.13.100 255.255.255.0
dhcp select global
# R
n g
interface Vlanif4090
i
n
ip address 172.21.11.3 255.255.0.0
ar
#
Le
interface GigabitEthernet0/0/1
#
r e interface GigabitEthernet0/0/2
o #
M interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
华为专有和保密信息 119
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
u a
.h
snmp-agent community write %^%#atYiX7&TjG<o\Y/.2Y-
V/8bVI&sGJOTB4$0Y@{"2$306$`dp;=7cULM)*$.3Q!lXY<}!y7jZ,7BS"NNY%^%#
snmp-agent sys-info version v2c
i n g
snmp-agent
r n
lea
#
undo telnet ipv6 server enable
: //
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc
aes128 3des
t t p
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
:h
md5_96
s
ssh server key-exchange dh_group14_sha1
e
c
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc
r
ou
aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
md5_96
es
R
ssh client key-exchange dh_group14_sha1
#
i n g
ip route-static 0.0.0.0 0.0.0.0 10.1.10.1
n
ar
#
capwap source interface vlanif10
L e #
e user-interface con 0
or authentication-mode password
M
set authentication password
cipher %^%#1<n6!"VC7VQQj=/vGNXG}:Eu&6zT3'C<qU9G'>N8A~"fK_+WA~0De+C]/yW"%^
%#
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound telnet
user-interface vty 16 20
protocol inbound all
#
华为专有和保密信息 120
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
wlan
traffic-profile name default
security-profile name guest1
security-profile name voice1
security wpa psk pass-
phrase %^%#0)RfPJm>L58cY+4*K);#E~]V)7`\406bJM4syy*%%^%# tkip
security-profile name default
security-profile name employee1
security wpa2 dot1x aes
security-profile name default-wds
e n
security wpa2 psk pass-phrase %^%#CB&>,Q$BB>x\Fn"|^%qToSj.2]:%J"+-
/
qK%aTJ_0%^%# aes
o m
i.c
security-profile name default-mesh
e
security wpa2 psk pass-phrase %^%#]7|J"`LHnEQ=,-
GJS[q&>M">Qsqw;9mb8$0`_=6I%^%# aes
ssid-profile name guest1
aw
ssid guest1
u
ssid-profile name voice1
g .h
ssid voice1
ssid-profile name default
ni n
r
lea
ssid-profile name employee1
ssid employee1
vap-profile name guest1
: //
forward-mode tunnel
service-vlan vlan-id 13
t t p
ssid-profile guest1
s :h
e
security-profile guest1
r c
authentication-profile portal_authen_profile
ou
vap-profile name voice1
es
service-vlan vlan-id 12
ssid-profile voice1
R
security-profile voice1
n g
vap-profile name default
i
n
vap-profile name employee1
ar
service-vlan vlan-id 11
L e ssid-profile employee1
security-profile employee1
e
or
authentication-profile employee1
mesh-handover-profile name default
华为专有和保密信息 121
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
//
ap-group ap-group1
:
ap-id 1 type-id 43 ap-mac 4cfa-cabf-d0c0 ap-sn 21500826412SG8919901
p
ap-group ap-group1
t t
:h
provision-ap
s
#
c e
dot1x-access-profile name dot1x_access_profile
r
dot1x-access-profile name employee1
ou
#
es
mac-access-profile name mac_access_profile
#
R
#
i n g
undo ntp-service enable
n
ar
return
L e
e
or
M
华为专有和保密信息 122
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
ni
5.1.2 Topology r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 123
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
5.1.3 Plan
You must configure devices according to the plan to avoid errors. This experiment uses
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
Trunk.
The following table describes device connections.
Group
n
AC-Switch Port AP-Switch Port
No.
/ e
1 AC1—G0/0/1
AP1-G0/0/10
o m
i.c
AP2-G0/0/11
AP3-G0/0/12
w e
a
2 AC2—G0/0/2
AP4-G0/0/13
u
AP5-G0/0/14
g .h
3 AC3—G0/0/3
AP6-G0/0/15
ni n
r
lea
AP7-G0/0/15
4 AC4—G0/0/4
AP8-G0/0/16
//
p :
t t
AP9-G0/0/17
:h
5 AC5—G0/0/5
AP10-G0/0/18
e s
6 AC6—G0/0/6
r c AP11-G0/0/19
ou
AP12-G0/0/20
es
The following table describes an AC parameter configuration template.
R
n g
Trainee Group X
i
AC Configuration
n
ar
Console Port Login
Admin@123
L e Password
e Device ACX
or AP Management
VLAN:X0 IP:10.1.X0.100
M VLAN
Service VLAN
VLAN:X1 IP:10.1.X1.100
(Employee)
AC Source interface
VLANif 80X IP:10.1.20X.100
(L3 Networking)
华为专有和保密信息 124
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
: //
Update the VLAN and Trunk Configuration, and set the VLANIF80X ip address.
t p
Choose “Configuration > AC Config > VLAN”, ebter the VLAN page.
t
:h
Click create, add VLAN80x.
e s
r c
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 125
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
ar
Step3 Configuring AP Online
Le
Modify DHCP configuration and WLAN configuration, make AP can discover AC.
Choose “Configuration > AC Config > IP > DHCP Address pool”, enter DHCP Address pool
r e page.
华为专有和保密信息 126
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
o m
ei.c
aw
u
g .h
ni n
r
// lea
p :
t t
:h
Modify AC source address.
s
Choose “Configuration > ACConfig > Basic Config > AC Configuration”, enter AC
e
c
configuration page.
r
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 127
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Choose “Configuration > AP Config > Profile > Wireless Service”, enter Wireless Service
e n
/
page.
Click VAPprofile, modify employee and voiceX forwarding mode to tunnel.
o m
e i.c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
n
e ar
e L
or
M
华为专有和保密信息 128
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. com
e i
a w
. hu
in g
r n
//lea
p :
t t
: h
es
r c
ou
es
R
i n g
n
e ar
e L
or
M
华为专有和保密信息 129
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. com
e i
a w
. hu
in g
r n
//lea
p :
t t
: h
es
r c
ou
es
R
i n g
n
e ar
e L
or
M5.3 Verification
5.3.1 Verifiy the L3 Network Status
Then the Configuration of L3 Network has been finished, all Aps are online.
[AC1]display ap all
华为专有和保密信息 130
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
Info: This operation may take a few seconds. Please wait for a
moment.done.
Total AP information:
nor : normal [2]
-------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
-------------------------------------------------------------------------
0 4cfa-cabe-eb60 ap1 ap-group1 10.1.10.253 AP4030DN nor 0 6S
1 4cfa-cabf-d0c0 ap2 ap-group1 10.1.10.254 AP4030DN nor 1 26S
-------------------------------------------------------------------------
e n
Total: 2
/
Check the station information.
. c om
[AC1]display station all
Rf/WLAN: Radio ID/WLAN ID
e i
Rx/Tx: link receive rate/link transmit rate(Mbps)
a w
hu
-------------------------------------------------------------------------
g.
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP
address SSID
in
-------------------------------------------------------------------------
n
1041-7f67-01b1 0 ap1 0/2
r
2.4G 11g
a
35/46 -64 12
le
10.1.12.254 voice1
//
-------------------------------------------------------------------------
p :
t
Total: 1 2.4G: 1 5G: 0
h t
s :
5.4 Reference Configuration
r c e
ou
5.4.1 S5700 Configurations
Re
#
i n g
sysname S5700
rn
#
a
vlan batch 10 to 13 200 801
L e #
lldp enable
r e #
M
undo http secure-server enable
#
undo nap slave enable
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
华为专有和保密信息 131
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
ip address 10.1.12.1 255.255.255.0
/
om
#
interface Vlanif13
ip address 10.1.13.1 255.255.255.0
i . c
#
interface Vlanif200
we
ip address 10.254.1.1 255.255.255.0
a
hu
#
interface Vlanif801
ip address 10.1.201.1 255.255.255.0
g .
#
n in
interface MEth0/0/1
r
lea
ip address 172.21.11.1 255.255.0.0
//
#
interface GigabitEthernet0/0/1
p :
t
port link-type trunk
#
h t
port trunk allow-pass vlan 10 to 13 801
s :
interface GigabitEthernet0/0/2
#
r c e
interface GigabitEthernet0/0/3
#
ou
#
es
interface GigabitEthernet0/0/4
R
interface GigabitEthernet0/0/5
#
i n g
interface GigabitEthernet0/0/6
n
ar
#
interface GigabitEthernet0/0/7
L e #
interface GigabitEthernet0/0/8
e
or
#
interface GigabitEthernet0/0/9
M #
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/11
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
华为专有和保密信息 132
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
e n
#
/
om
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
i . c
#
interface GigabitEthernet0/0/20
we
#
a
hu
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
g .
#
n in
interface GigabitEthernet0/0/23
r
lea
#
//
interface GigabitEthernet0/0/24
port link-type trunk
p :
t
port default vlan 200
#
interface NULL0
h t
#
s :
interface LoopBack1
r c e
ip address 101.101.101.101 255.255.255.255
#
ou
es
user-interface con 0
authentication-mode password
R
set authentication password
i n g
cipher %@%@;|J%=/[d[O@L[qD[Xhh~,3[~S(Zs:\Ot8H6*x_MAW=N$3[B,%@%@
user-interface vty 0 4
n
ar
authentication-mode password
user privilege level 3
e
or
protocol inbound all
user-interface vty 16 20
M
#
return
5.4.2 AC Configuration
#
sysname AC1
#
http secure-server ssl-policy default_policy
http server enable
华为专有和保密信息 133
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
portal local-server ip 10.1.10.100
portal local-server https ssl-policy default_policy port 2000
#
undo portal url-encode enable
#
ssl renegotiation-rate 1
#
vlan batch 10 to 13 801 4090
#
authentication-profile name default_authen_profile
e n
authentication-profile name dot1x_authen_profile
/
om
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
portal-access-profile guest1
i . c
authentication-profile name macportal_authen_profile
authentication-profile name guest1
we
portal-access-profile guest1
a
hu
authentication-profile name employee1
dot1x-access-profile employee1
authentication-scheme radius
g .
radius-server huawei
n in
#
r
lea
lldp enable
//
#
dhcp enable
p :
t
#
diffserv domain default
#
h t
s :
radius-server template default
c e
radius-server template huawei
r
radius-server authentication 10.254.1.100 1812 source ip-address
u
10.1.10.100 weight 80
o
s
undo radius-server user-name domain-included
#
R e
pki realm default
i n g
rsa local-key-pair default
enrollment self-signed
n
ar
#
ssl policy default_policy type server
L e pki-realm default
version tls1.0 tls1.1
e
or
ciphersuite rsa_aes_128_cbc_sha
#
M
ike proposal default
encryption-algorithm aes-256
dh group2
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
华为专有和保密信息 134
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
gateway-list 10.1.11.1
/
om
network 10.1.11.0 mask 255.255.255.0
dns-list 114.114.114.114
#
i . c
ip pool voice1
gateway-list 10.1.12.1
we
network 10.1.12.0 mask 255.255.255.0
a
hu
#
ip pool guest1
gateway-list 10.1.13.1
g .
network 10.1.13.0 mask 255.255.255.0
n in
#
r
lea
aaa
//
authentication-scheme default
authentication-scheme radius
p :
t
authentication-mode radius
authorization-scheme default
accounting-scheme default
h t
domain default
s :
c e
authentication-scheme default
r
domain default_admin
u
authentication-scheme default
o
es
local-user admin password irreversible-cipher $1a$VNcE$6oR"2$aASkVyCl-
~~qx^~!e+:.S|>BJto>%VV[WvDxK./G$
R
local-user admin privilege level 15
i n g
local-user admin service-type ssh http
local-user huawei password irreversible-cipher
n$1a$6@(!=HT_IP$A=lvP*~iu+0<..Y&4`Y6+j4$Xkcf=#aMU=5[4wEP$
ar
local-user huawei privilege level 1
e
or
pAYq#XEVAp>~%^%#
local-user guest01 privilege level 0
local-user guest01 service-type web
M #
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
华为专有和保密信息 135
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
ip address 10.1.201.100 255.255.255.0
/
om
#
interface Vlanif4090
ip address 172.21.11.3 255.255.0.0
i . c
#
interface GigabitEthernet0/0/1
we
#
a
hu
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
g .
#
n in
interface GigabitEthernet0/0/4
r
lea
#
//
interface GigabitEthernet0/0/5
#
p :
t
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
h t
port link-type access
s :
c
port default vlan 4090
stp disable
r e
#
ou
es
interface GigabitEthernet0/0/8
port link-type trunk
R
port trunk allow-pass vlan 10 to 13 801
#
i n g
interface NULL0
n
ar
#
info-center timestamp log format-date
L e #
snmp-agent local-engineid 800007DB03845B12566919
e
or
snmp-agent community
read %^%#En_g+AWfX>adWz&5.!G~E^)4&/r]vCScEB~w~u%Zje-
M
$@`GH0BN7e"$A8PF(_n~lC9qvT)O*{4!I+:yR%^%#
snmp-agent community write %^%#atYiX7&TjG<o\Y/.2Y-
V/8bVI&sGJOTB4$0Y@{"2$306$`dp;=7cULM)*$.3Q!lXY<}!y7jZ,7BS"NNY%^%#
snmp-agent sys-info version v2c
snmp-agent
#
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc
aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
md5_96
ssh server key-exchange dh_group14_sha1
华为专有和保密信息 136
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
authentication-mode password
set authentication password
om
cipher %^%#1<n6!"VC7VQQj=/vGNXG}:Eu&6zT3'C<qU9G'>N8A~"fK_+WA~0De+C]/yW"
c
%^%#
user-interface vty 0 4
authentication-mode aaa
e i .
user privilege level 3
a w
hu
protocol inbound telnet
user-interface vty 16 20
protocol inbound all
g .
in
#
n
wlan
traffic-profile name default
r
lea
security-profile name guest1
//
security-profile name voice1
security wpa psk pass-
p :
t
phrase %^%#0)RfPJm>L58cY+4*K);#E~]V)7`\406bJM4syy*%%^%# tkip
security-profile name default
h t
:
security-profile name employee1
security wpa2 dot1x aes
es
c
security-profile name default-wds
u
qK%aTJ_0%^%# aes r
security wpa2 psk pass-phrase %^%#CB&>,Q$BB>x\Fn"|^%qToSj.2]:%J"+-
s o
security-profile name default-mesh
R e
security wpa2 psk pass-phrase %^%#]7|J"`LHnEQ=,-
GJS[q&>M">Qsqw;9mb8$0`_=6I%^%# aes
i n g
ssid-profile name guest1
ssid guest1
n
ar
ssid-profile name voice1
ssid voice1
e
or
ssid employee1
vap-profile name guest1
M
forward-mode tunnel
service-vlan vlan-id 13
ssid-profile guest1
security-profile guest1
authentication-profile portal_authen_profile
vap-profile name voice1
forward-mode tunnel
service-vlan vlan-id 12
ssid-profile voice1
security-profile voice1
vap-profile name default
华为专有和保密信息 137
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
air-scan-profile name default
/
om
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
i . c
wids-spoof-profile name default
wids-profile name default
we
ap-system-profile name default
a
hu
port-link-profile name default
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
g .
ap-group name default
n in
ap-group name ap-group1
r
lea
regulatory-domain-profile domain1
//
radio 0
vap-profile employee1 wlan 1
p :
t
vap-profile voice1 wlan 2
vap-profile guest1 wlan 3
radio 1
h t
s :
vap-profile employee1 wlan 1
c e
vap-profile voice1 wlan 2
r
vap-profile guest1 wlan 3
radio 2
ou
es
vap-profile employee1 wlan 1
vap-profile voice1 wlan 2
R
vap-profile guest1 wlan 3
i n g
ap-id 0 type-id 43 ap-mac 4cfa-cabe-eb60 ap-sn 21500826412SG8918066
ap-group ap-group1
n
ar
ap-id 1 type-id 43 ap-mac 4cfa-cabf-d0c0 ap-sn 21500826412SG8919901
ap-group ap-group1
L e #
provision-ap
e
or
dot1x-access-profile name dot1x_access_profile
dot1x-access-profile name employee1
M #
mac-access-profile name mac_access_profile
#
undo ntp-service enable
#
return
华为专有和保密信息 138
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
6.1.2 Plan : //
t t p
: h
You must configure devices according to the plan to avoid errors. This experiment uses
s
group 1 as an example to illustrate rules for configuring the device name, VLAN, and
e
c
Trunk.
u r
The following table describes device connections.
s o
Group
No.
R e
AC-Switch Port AP-Switch Port
i n g
n
AP1-G0/0/10
ar
1 AC1—G0/0/1
AP2-G0/0/11
L e AP3-G0/0/12
e
or
2 AC2—G0/0/2
AP4-G0/0/13
M 3 AC3—G0/0/3
AP5-G0/0/14
AP6-G0/0/15
AP7-G0/0/15
4 AC4—G0/0/4
AP8-G0/0/16
AP9-G0/0/17
5 AC5—G0/0/5
AP10-G0/0/18
华为专有和保密信息 139
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
AP11-G0/0/19
6 AC6—G0/0/6
AP12-G0/0/20
Item Parameter
Management IP 172.21.11.X+2
Backup Configuration File
e n
name
acvrpcfg.zip
/
FTP account Name: ftp Password: Huawei@123
. c om
FTP Directory Flash:/
e i
a w
.hu
6.2 Experiment Task in g
r n
6.2.1 Configuration Procedure
//lea
p :
Step1 Save the Configuration
t t
: h
Any change through web-based configuration, you need to click “save” to save the
es
configuration to the device. If you don’t save it , the configuration will lost after
rebooted.
r c
u
Save the configuration through the upper right of the page.
o
es
R
i n g
After saving, you can view information about the files and directories on the storage
device.
n
ar
Choose “Maintenance > System Configuration > File Management”. Enter the file
e
management page.
e L
or
M
华为专有和保密信息 140
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. c om
e i
a w
. hu
in g
n
In the Storage Medium area, check the remaining size and total size of storage devices.
r
lea
Manage files in the File Management area.
//
To search all files in a storage medium or all the storage media, click Search.
:
t p
To move a file to the recycle bin, select the file and click Delete and Move to Recycle Bin.
t
h
You can restore the deleted file in the Recycle Bin area.
s :
To permanently delete a file, select the file and click Delete File Permanently.
r c e
To upload a file to the storage device, click Upload file.
ou
To refresh the file list, click Refresh.To download a file to the local PC, select the file and
click .
es
R
Step2 Configuring FTP Service on AC
i n g
Create a FTP user, Choose “Maintenance > Administrator > Administrator List”,
n
ar
enter the administrator list page. Username:ftp, password:Huawei@123, level:15.
L e
e
or
M
华为专有和保密信息 141
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. c om
e i
a w
. hu
in g
r n
//lea
p :
t t
: h
es
r c
ou
es
R
Enable FTP service in the global view, Choose “Maintenance> AC Maintenance >
i n g
System > Service Management”, enter Service managementpage.
n
e ar
e L
or
M
华为专有和保密信息 142
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. com
e i
a w
. hu
in g
r n
Step3 Backup the Configuration to PC
//lea
D:\>ftp 172.21.11.3
p :
connect 172.21.11.3.
t t
: h
s
220 FTP service ready.
c e
User(172.21.11.3:(none)): ftp
r
u
331 Password required for ftp.
o
es
password:ftp001
R
230 User logged in.
i n g
ftp> get acvrpcfg.zip
n
ar
200 Port command okay.
M ftp>
Then the configuration file is backuped in the PC, find the file in D:/
and then can opent it by notepad or wordpad.
华为专有和保密信息 143
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
. c om
e i
a w
. hu
in g
r n
//lea
Step4 Reset the Configuration
p :
t t
After your practice finished, We need to reset the configuration of the devices before the
: h
practice, so as to avoid the impacting to the practice, please following below procedures
s
to reset the configuration and reboot the device.
e
c
<AC1>reset saved-configuration
r
ou
This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure.
es
Are you sure? (y/n)[n]:y
#
R
i n g
<AC1>reboot
Info: The system is comparing the configuration, please wait......
n
ar
Warning: All the configuration will be saved to the next startup configuration. Continue ?
e
[y/n]:n
or
M6.3 Verification
6.3.1 Checking the Device Configuration
It required set a new password When you login the device after reboot.
Please configure the login password:
Info: A plain text password is a string of 8 to 16 case-sensitive
characters and must be a combination of at least two of the following:
华为专有和保密信息 144
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
ssl renegotiation-rate 1
#
om
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
i . c
e
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
a w
hu
#
.
diffserv domain default
#
radius-server template default
in g
#
r n
lea
pki realm default
rsa local-key-pair default
enrollment self-signed
: //
p
#
ssl policy default_policy type server
t t
pki-realm default
: h
s
version tls1.0 tls1.1 tls1.2
#
r c e
ciphersuite rsa_aes_128_cbc_sha
ou
ike proposal default
encryption-algorithm aes-256
dh group2
es
R
authentication-algorithm sha2-256
g
authentication-method pre-share
n i n
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ar
#
e
or
portal-access-profile name portal_access_profile
#
M
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme default
domain default_admin
authentication-scheme default
华为专有和保密信息 145
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
/
interface GigabitEthernet0/0/2
#
om
interface GigabitEthernet0/0/3
#
i . c
e
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
a w
hu
#
.
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
in g
#
r n
lea
interface GigabitEthernet0/0/8
#
interface NULL0
: //
p
#
undo snmp-agent
t t
#
: h
s
stelnet server enable
r c e
undo telnet server enable
undo telnet ipv6 server enable
u
ssh server secure-algorithms cipher aes256_ctr aes128_ctr
o
s
ssh server secure-algorithms hmac sha2_256
R e
ssh server key-exchange dh_group14_sha1
ssh client secure-algorithms cipher aes256_ctr aes128_ctr
i n g
ssh client secure-algorithms hmac sha2_256
ssh client key-exchange dh_group14_sha1
n#
ar
user-interface con 0
L e authentication-mode password
set authentication password
e
or
cipher %^%#h'O5Y|4b&.=,loK4{<@Qo0h6R~Q>oT[2{<X+y^:,Sg*tSthkTO("UiYv~tN<
%^%#
user-interface vty 0 4
M authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-
phrase %^%#qNfI(V#y8:b/W|/(mY81#Z\D8~!8Y*#IO1RwV);+%^%# aes
华为专有和保密信息 146
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
radio-2g-profile name default
/
om
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
i . c
e
ap-system-profile name default
w
port-link-profile name default
wired-port-profile name default
a
hu
serial-profile name preset-enjoyor-toeap
ap-group name default
provision-ap
g .
#
n in
r
dot1x-access-profile name dot1x_access_profile
lea
#
mac-access-profile name mac_access_profile
#
: //
#
undo ntp-service enable
t t p
return
: h
es
r c
u
6.4 Reference Configuration
o
s
6.4.1 Key ConfigurationRe
i n g
rn
[AC1]ftp server enable
[AC1]aaa
e L directory sdcard:/
[AC1-aaa]local-user ftp service-type ftp
华为专有和保密信息 147
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
7 Appendix
. com
i
sysname S5700
#
vlan batch 10 to 13 20 to 23 30 to 33 40 to 43 50 to 53 60 to 63 200
we
801 to 806
a
hu
#
undo http server enable
undo http secure-server enable
g .
#
n in
aaa
r
lea
authentication-scheme default
//
authorization-scheme default
accounting-scheme default
domain default
p :
domain default_admin
t t
h
local-user admin password cipher %@%@5d~9:M^ipCfL\iB)EQd>3Uwe%@%@
:
#
es
local-user admin service-type http
interface Vlanif1
r c
#
ou
es
interface Vlanif10
ip address 10.1.10.1 255.255.255.0
#
R
i n g
interface Vlanif11
ip address 10.1.11.1 255.255.255.0
n
ar
#
interface Vlanif12
L e #
ip address 10.1.12.1 255.255.255.0
e
or
interface Vlanif13
ip address 10.1.13.1 255.255.255.0
M #
interface Vlanif20
ip address 10.1.20.1 255.255.255.0
#
interface Vlanif21
ip address 10.1.21.1 255.255.255.0
#
interface Vlanif22
ip address 10.1.22.1 255.255.255.0
#
interface Vlanif23
华为专有和保密信息 148
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
interface Vlanif33
/
om
ip address 10.1.33.1 255.255.255.0
#
interface Vlanif40
i . c
#
ip address 10.1.40.1 255.255.255.0
we
interface Vlanif41
a
hu
ip address 10.1.41.1 255.255.255.0
#
interface Vlanif42
g .
ip address 10.1.42.1 255.255.255.0
n in
#
r
lea
interface Vlanif43
//
ip address 10.1.43.1 255.255.255.0
#
p :
t
interface Vlanif50
#
h t
ip address 10.1.50.1 255.255.255.0
interface Vlanif51
s :
#
c e
ip address 10.1.51.1 255.255.255.0
r
u
interface Vlanif52
o
#
es
ip address 10.1.52.1 255.255.255.0
R
interface Vlanif53
#
i n g
ip address 10.1.53.1 255.255.255.0
n
ar
interface Vlanif60
ip address 10.1.60.1 255.255.255.0
L e #
interface Vlanif61
e
or
ip address 10.1.61.1 255.255.255.0
#
M interface Vlanif62
#
ip address 10.1.62.1 255.255.255.0
interface Vlanif63
ip address 10.1.63.1 255.255.255.0
#
interface Vlanif200
ip address 10.254.1.1 255.255.255.0
#
interface Vlanif801
ip address 10.1.201.1 255.255.255.0
华为专有和保密信息 149
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
#
interface Vlanif802
ip address 10.1.202.1 255.255.255.0
#
interface Vlanif803
ip address 10.1.203.1 255.255.255.0
#
interface Vlanif804
ip address 10.1.204.1 255.255.255.0
#
interface Vlanif805
e n
ip address 10.1.205.1 255.255.255.0
/
om
#
interface Vlanif806
ip address 10.1.206.1 255.255.255.0
i . c
#
interface MEth0/0/1
we
#
a
hu
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 to 13 801
g .
#
n in
interface GigabitEthernet0/0/2
r
lea
port link-type trunk
//
port trunk allow-pass vlan 20 to 23 802
#
p :
t
interface GigabitEthernet0/0/3
port link-type trunk
h t
port trunk allow-pass vlan 30 to 33 803
#
s :
c e
interface GigabitEthernet0/0/4
r
port link-type trunk
ou
port trunk allow-pass vlan 40 to 43 804
#
es
interface GigabitEthernet0/0/5
R
port link-type trunk
ing
port trunk allow-pass vlan 50 to 53 805
#
rn
interface GigabitEthernet0/0/6
L
port trunk allow-pass vlan 60 to 63 806
#
r e interface GigabitEthernet0/0/7
o #
M interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/11
port link-type trunk
华为专有和保密信息 150
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
e n
port trunk allow-pass vlan 20 to 23
/
om
#
interface GigabitEthernet0/0/14
port link-type trunk
i . c
port trunk pvid vlan 30
port trunk allow-pass vlan 30 to 33
we
#
a
hu
interface GigabitEthernet0/0/15
port link-type trunk
port trunk pvid vlan 30
g .
port trunk allow-pass vlan 30 to 33
n in
#
r
lea
interface GigabitEthernet0/0/16
//
port link-type trunk
port trunk pvid vlan 40
p :
t
port trunk allow-pass vlan 40 to 43
#
interface GigabitEthernet0/0/17
h t
port link-type trunk
s :
r c
port trunk pvid vlan 40
e
port trunk allow-pass vlan 40 to 43
#
ou
es
interface GigabitEthernet0/0/18
port link-type trunk
R
port trunk pvid vlan 50
ing
port trunk allow-pass vlan 50 to 53
#
rn
interface GigabitEthernet0/0/19
eL
port trunk pvid vlan 50
port trunk allow-pass vlan 50 to 53
or
#
interface GigabitEthernet0/0/20
华为专有和保密信息 151
版权所有 © 华为技术有限公司
Huawei WLAN Certification Training Experiment Guide
interface GigabitEthernet0/0/23
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 200
#
interface NULL0
#
interface LoopBack1
e n
ip address 101.101.101.101 255.255.255.255
/
om
#
interface LoopBack2
ip address 102.102.102.102 255.255.255.255
i . c
#
interface LoopBack3
we
ip address 103.103.103.103 255.255.255.255
a
hu
#
interface LoopBack4
ip address 104.104.104.104 255.255.255.255
g .
#
n in
interface LoopBack5
r
lea
ip address 105.105.105.105 255.255.255.255
//
#
interface LoopBack6
p :
t
ip address 106.106.106.106 255.255.255.255
#
user-interface con 0
h t
s :
authentication-mode password
c e
set authentication password
r
cipher %@%@;($MM!"!U<_DW.Z.H!4L,$49.>!z*#!\EX>M5e+/7j&#$4<,%@%@
u
user-interface vty 0 4
o
s
user-interface vty 16 20
#
return
R e
i n g
n
e ar
e L
or
M
华为专有和保密信息 152
版权所有 © 华为技术有限公司