interface WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 20 untagged
mac-vlan enable
dhcp-snooping trust
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$WGwhaPsGFDz6qqe9zpEYq7LtCzQlmAVg6Gbls3Q=
#
interface WLAN-ESS1
port link-type hybrid
port hybrid vlan 1 30 untagged
mac-vlan enable
dhcp-snooping trust
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$IM5IRF3pLyWS2LXT0myU0NIpczvMpwCXT1gbgfg=
可以把接口里的vlan1 去掉吗,vlan1是ap的vlan,有dhcp配置,dhcp会给终端vlan20和vlan30分配ip地址,
<AC-3>dis cu
#
version 5.20, ESS 3703P61
#
sysname AC-3
#
clock timezone UTC add 00:00:00
#
domain default enable system
#
telnet server enable
#
port-security enable
#
wlan auto-ap enable
#
password-recovery enable
#
vlan 1
#
vlan 20
#
vlan 30
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool dhcpap
network 192.168.255.0 mask 255.255.255.0
gateway-list 192.168.255.1
dns-list 202.99.96.68
expired unlimited
#
dhcp server ip-pool pipe
network 172.20.0.0 mask 255.255.0.0
gateway-list 172.20.1.1
dns-list 202.99.96.68
expired unlimited
#
dhcp server ip-pool pipe-guest
network 172.30.0.0 mask 255.255.0.0
gateway-list 172.30.1.1
dns-list 202.99.96.68
expired unlimited
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$sv5lwY//gsUI3Wsl6z3zOlSSq64WcClisavYVQ==
authorization-attribute level 3
service-type ssh telnet
service-type web
local-user pipe
password cipher $c$3$1dE8COsV0+O3xapw0FvWe/LrGYNhigW1w2AAGRzO6BvFmg==
authorization-attribute level 3
service-type ssh telnet terminal
service-type ftp
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid PIPE
bind WLAN-ESS 0
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
wlan service-template 2 crypto
ssid PIPE-GUEST
bind WLAN-ESS 1
cipher-suite ccmp
security-ie rsn
security-ie wpa
service-template enable
#
wlan ap-group default_group
ap 4ce9-e406-b3e0
ap 9c06-1bd8-d3a0
#
wlan ap-group pipe
ap 74ea-cb88-92e0
ap 74ea-cb88-93a0
ap 74ea-cb88-9440
ap 74ea-cb88-95e0
ap 74ea-cb88-9740
ap 74ea-cb88-9e20
ap 74ea-cb88-9ec0
ap 9428-2ef0-bda0
ap 9428-2ef0-cfc0
ap 9428-2ef1-1780
ap 9428-2ef1-2ba0
ap 9428-2ef1-42a0
ap 9c06-1bd9-0200
ap 9c06-1bd9-0440
country-code CN
dot11a service-template 1
dot11bg service-template 1
dot11bg service-template 2
dot11a radio enable
dot11bg radio enable
#
interface Cellular1/0/1
async mode protocol
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.255.1 255.255.255.0
dhcp relay server-select 2
#
interface Vlan-interface20
ip address 172.20.1.2 255.255.0.0
#
interface Vlan-interface30
ip address 172.30.1.2 255.255.0.0
#
interface GigabitEthernet1/0/3
port link-mode route
ip address 172.16.100.19 255.255.0.0
undo dhcp select server global-pool
#
interface GigabitEthernet1/0/5
port link-mode route
undo dhcp select server global-pool
#
interface GigabitEthernet1/0/6
port link-mode route
undo dhcp select server global-pool
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 20 30
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30
dhcp-snooping trust
#
interface GigabitEthernet1/0/4
port link-mode bridge
port access vlan 20
#
interface WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 20 untagged
mac-vlan enable
dhcp-snooping trust
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$WGwhaPsGFDz6qqe9zpEYq7LtCzQlmAVg6Gbls3Q=
#
interface WLAN-ESS1
port link-type hybrid
port hybrid vlan 1 30 untagged
mac-vlan enable
dhcp-snooping trust
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$IM5IRF3pLyWS2LXT0myU0NIpczvMpwCXT1gbgfg=
#
wlan ap 4ce9-e406-b3e0 model WA4320-ACN-E id 9
serial-id 219801A0X78194E00698
radio 1
radio 2
#
wlan ap 74ea-cb88-92e0 model WA4320-ACN-E id 8
serial-id 219801A0X78177E00201
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-93a0 model WA4320-ACN-E id 5
serial-id 219801A0X78177E00207
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-9440 model WA4320-ACN-E id 12
serial-id 219801A0X78177E00212
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-95e0 model WA4320-ACN-E id 10
serial-id 219801A0X78177E00225
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-9740 model WA4320-ACN-E id 6
serial-id 219801A0X78177E00236
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-9e20 model WA4320-ACN-E id 11
serial-id 219801A0X78177E00291
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 74ea-cb88-9ec0 model WA4320-ACN-E id 7
serial-id 219801A0X78177E00296
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9428-2ef0-bda0 model WA4320-ACN-E id 15
serial-id 219801A0X78178E00399
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9428-2ef0-cfc0 model WA4320-ACN-E id 14
serial-id 219801A0X78178E00544
country-code CN
radio 1
service-template 1
radio enable
radio 2
service-template 1
service-template 2
radio enable
#
wlan ap 9428-2ef1-1780 model WA4320-ACN-E id 16
serial-id 219801A0X78178E01118
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9428-2ef1-2ba0 model WA4320-ACN-E id 1
serial-id 219801A0X78178E01279
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9428-2ef1-42a0 model WA4320-ACN-E id 13
serial-id 219801A0X78178E01463
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9c06-1bd8-d3a0 model WA4320-ACN-E id 2
serial-id auto
radio 1
radio 2
#
wlan ap 9c06-1bd9-0200 model WA4320-ACN-E id 3
serial-id 219801A0X78174E02752
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ap 9c06-1bd9-0440 model WA4320-ACN-E id 4
serial-id 219801A0X78174E02770
country-code CN
radio 1
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
radio 2
service-template 1 vlan-id 20
service-template 2 vlan-id 30
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
dhcp-snooping
#
ip route-static 0.0.0.0 0.0.0.0 172.20.1.1
#
undo info-center enable
#
dhcp enable
#
ntp-service refclock-master 2
#
ssh server enable
#
load xml-configuration
#
user-interface con 0
user-interface tty 4
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
(0)
我现在的问题是 终端会获取到vlan1的192.168.255.X的ip地址,这个网段是禁止上网的。我不想终端获取这个ip地址有什么办法吗。
(0)
暂无评论
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论