问题描述:
请教:为什么要将ac管理地址设置为1.1.1.段,无法登陆,无法管理,如果再设置一个内网段的地址将其打通,会不会存在冲突问题,(1.1.1.1本身是一个正常使用的外网地址)
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or r***rse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:*****
Password:
<H3C>dis cu
#
version 5.20, ESS 3703P61
#
sysname H3C
#
domain default enable ******
#
dns proxy enable
#
telnet ****** enable
#
port-security enable
#
wlan client learn-ipaddr enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
password-recovery enable
#
vlan 1
#
vlan 12
#
vlan 30
description to_yewu
#
vlan 200
description to_AP_guanli
#
domain ******
access-limit disable
state active
idle-cut disable
self-*******-url disable
#
dhcp ****** ip-pool 200
network 1.1.1.0 mask 255.255.255.0
gateway-list 1.1.1.1
#
user-group ******
group-attribute allow-guest
#
local-user *****
password cipher $c$3$zYEkDEEMBpJp9d6ppBVhqpwEHeix2mE9
authorization-attribute l***l 3
*******-type telnet
*******-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11***andatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan *******-template 1 clear
ssid ZHT0204
bind WLAN-ESS 1
#
wlan *******-template 2 crypto
ssid ZHT0204
bind WLAN-ESS 30
cipher-suite ccmp
security-ie rsn
#
wlan *******-template 3 crypto
ssid ZHT_Hotel
bind WLAN-ESS 0
cipher-suite ccmp
security-ie rsn
*******-template enable
#
wlan ap-group default_group
ap 9c06-1b2a-7e80
ap 9c06-1b2a-a180
ap 9c06-1b2a-a220
ap 9c06-1b2a-a460
ap 9c06-1b2a-a7a0
ap 9c06-1b2a-a7e0
ap 9c06-1b2a-a800
ap 9c06-1b2a-a880
ap 9c06-1b2a-a960
ap 9c06-1b2a-aa60
ap 9c06-1b2a-aac0
ap 9c06-1b2a-ace0
ap 9c06-1b2a-ad80
ap 9c06-1b2a-b5a0
ap 9c06-1b2a-e860
ap 9c06-1b2a-f500
ap 9c06-1b2b-2e80
ap 9c06-1b2b-2fa0
dot11a *******-template 1
dot11bg *******-template 1
dot11a radio enable
dot11bg radio enable
#
inte***ce Cellular1/0/1
async mode protocol
link-protocol ppp
#
inte***ce NULL0
#
inte***ce Vlan-inte***ce12
#
inte***ce Vlan-inte***ce200
ip address 1.1.1.1 255.255.255.0
#
inte***ce GigabitEthernet1/0/5
port link-mode route
#
inte***ce GigabitEthernet1/0/1
port link-mode bridge
port access vlan 200
#
inte***ce GigabitEthernet1/0/2
port link-mode bridge
#
inte***ce GigabitEthernet1/0/3
port link-mode bridge
#
inte***ce GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
inte***ce WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 30 untagged
port hybrid pvid vlan 30
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$8pzRml2ewcEhCeUZYVTeDmxYiGdp8mhlNoaLCsk2
#
inte***ce WLAN-ESS1
#
inte***ce WLAN-ESS30
port access vlan 30
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$LEVCS3pVLyCcMueBZ R6KZg1QoA3TLWaQklsU3Fp
#
wlan ap 9c06-1b2a-7e80 model WAP722E id 16
serial-id 219801A0Q29174G00531
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a180 model WAP722E id 9
serial-id 219801A0Q29174G00802
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a220 model WAP722E id 13
serial-id 219801A0Q29174G00904
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a460 model WAP722E id 10
serial-id 219801A0Q29174G00886
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a7a0 model WAP722E id 1
serial-id 219801A0Q29174G00860
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a7e0 model WAP722E id 8
serial-id 219801A0Q29174G00858
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a800 model WAP722E id 5
serial-id 219801A0Q29174G00857
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a880 model WAP722E id 7
serial-id 219801A0Q29174G00853
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-a960 model WAP722E id 4
serial-id 219801A0Q29174G00846
radio 1
*******-template 1
*******-template 2
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-aa60 model WAP722E id 3
serial-id 219801A0Q29174G00838
radio 1
*******-template 1
*******-template 2
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-aac0 model WAP722E id 2
serial-id 219801A0Q29174G00835
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-ace0 model WAP722E id 17
serial-id 219801A0Q29174G00818
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-ad80 model WAP722E id 15
serial-id 219801A0Q29174G00859
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-b5a0 model WAP722E id 6
serial-id 219801A0Q29174G00971
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-e860 model WAP722E id 14
serial-id 219801A0Q39174G00343
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-f500 model WAP722E id 11
serial-id 219801A0Q39174G00720
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2b-2e80 model WAP722E id 18
serial-id 219801A0Q39174G00582
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2b-2fa0 model WAP722E id 12
serial-id 219801A0Q39174G00591
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
undo info-center enable
#
snmp-agent
snmp-agent local-engineid 800063A203D461FEFCF549
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
dhcp enable
#
ntp-******* refclock-****** 2
#
load xml-configuration
#
user-inte***ce con 0
user-inte***ce tty 4
user-inte***ce vty 0 4
authentication-mode scheme
user privilege l***l 3
#
return
<H3C>
组网及组网描述:
请教:为什么要将ac管理地址设置为1.1.1.段,无法登陆,无法管理,如果再设置一个内网段的地址将其打通,会不会存在冲突问题,(1.1.1.1本身是一个正常使用的外网地址)
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or r***rse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:*****
Password:
<H3C>dis cu
#
version 5.20, ESS 3703P61
#
sysname H3C
#
domain default enable ******
#
dns proxy enable
#
telnet ****** enable
#
port-security enable
#
wlan client learn-ipaddr enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
password-recovery enable
#
vlan 1
#
vlan 12
#
vlan 30
description to_yewu
#
vlan 200
description to_AP_guanli
#
domain ******
access-limit disable
state active
idle-cut disable
self-*******-url disable
#
dhcp ****** ip-pool 200
network 1.1.1.0 mask 255.255.255.0
gateway-list 1.1.1.1
#
user-group ******
group-attribute allow-guest
#
local-user *****
password cipher $c$3$zYEkDEEMBpJp9d6ppBVhqpwEHeix2mE9
authorization-attribute l***l 3
*******-type telnet
*******-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11***andatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan *******-template 1 clear
ssid ZHT0204
bind WLAN-ESS 1
#
wlan *******-template 2 crypto
ssid ZHT0204
bind WLAN-ESS 30
cipher-suite ccmp
security-ie rsn
#
wlan *******-template 3 crypto
ssid ZHT_Hotel
bind WLAN-ESS 0
cipher-suite ccmp
security-ie rsn
*******-template enable
#
wlan ap-group default_group
ap 9c06-1b2a-7e80
ap 9c06-1b2a-a180
ap 9c06-1b2a-a220
ap 9c06-1b2a-a460
ap 9c06-1b2a-a7a0
ap 9c06-1b2a-a7e0
ap 9c06-1b2a-a800
ap 9c06-1b2a-a880
ap 9c06-1b2a-a960
ap 9c06-1b2a-aa60
ap 9c06-1b2a-aac0
ap 9c06-1b2a-ace0
ap 9c06-1b2a-ad80
ap 9c06-1b2a-b5a0
ap 9c06-1b2a-e860
ap 9c06-1b2a-f500
ap 9c06-1b2b-2e80
ap 9c06-1b2b-2fa0
dot11a *******-template 1
dot11bg *******-template 1
dot11a radio enable
dot11bg radio enable
#
inte***ce Cellular1/0/1
async mode protocol
link-protocol ppp
#
inte***ce NULL0
#
inte***ce Vlan-inte***ce12
#
inte***ce Vlan-inte***ce200
ip address 1.1.1.1 255.255.255.0
#
inte***ce GigabitEthernet1/0/5
port link-mode route
#
inte***ce GigabitEthernet1/0/1
port link-mode bridge
port access vlan 200
#
inte***ce GigabitEthernet1/0/2
port link-mode bridge
#
inte***ce GigabitEthernet1/0/3
port link-mode bridge
#
inte***ce GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
inte***ce WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 30 untagged
port hybrid pvid vlan 30
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$8pzRml2ewcEhCeUZYVTeDmxYiGdp8mhlNoaLCsk2
#
inte***ce WLAN-ESS1
#
inte***ce WLAN-ESS30
port access vlan 30
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$LEVCS3pVLyCcMueBZ R6KZg1QoA3TLWaQklsU3Fp
#
wlan ap 9c06-1b2a-7e80 model WAP722E id 16
serial-id 219801A0Q29174G00531
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a180 model WAP722E id 9
serial-id 219801A0Q29174G00802
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a220 model WAP722E id 13
serial-id 219801A0Q29174G00904
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a460 model WAP722E id 10
serial-id 219801A0Q29174G00886
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a7a0 model WAP722E id 1
serial-id 219801A0Q29174G00860
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a7e0 model WAP722E id 8
serial-id 219801A0Q29174G00858
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a800 model WAP722E id 5
serial-id 219801A0Q29174G00857
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-a880 model WAP722E id 7
serial-id 219801A0Q29174G00853
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-a960 model WAP722E id 4
serial-id 219801A0Q29174G00846
radio 1
*******-template 1
*******-template 2
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-aa60 model WAP722E id 3
serial-id 219801A0Q29174G00838
radio 1
*******-template 1
*******-template 2
radio enable
radio 2
*******-template 1
*******-template 2
radio enable
#
wlan ap 9c06-1b2a-aac0 model WAP722E id 2
serial-id 219801A0Q29174G00835
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-ace0 model WAP722E id 17
serial-id 219801A0Q29174G00818
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-ad80 model WAP722E id 15
serial-id 219801A0Q29174G00859
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-b5a0 model WAP722E id 6
serial-id 219801A0Q29174G00971
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-e860 model WAP722E id 14
serial-id 219801A0Q39174G00343
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2a-f500 model WAP722E id 11
serial-id 219801A0Q39174G00720
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2b-2e80 model WAP722E id 18
serial-id 219801A0Q39174G00582
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ap 9c06-1b2b-2fa0 model WAP722E id 12
serial-id 219801A0Q39174G00591
radio 1
*******-template 2
*******-template 3
radio enable
radio 2
*******-template 2
*******-template 3
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
undo info-center enable
#
snmp-agent
snmp-agent local-engineid 800063A203D461FEFCF549
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
dhcp enable
#
ntp-******* refclock-****** 2
#
load xml-configuration
#
user-inte***ce con 0
user-inte***ce tty 4
user-inte***ce vty 0 4
authentication-mode scheme
user privilege l***l 3
#
return
<H3C>
我现在是想远程登陆,现在ac只实现ap管理,无法远程登陆ac管理ac本身,ac与核心连接的是四口,核心上该端口只配置了port access vlan 200