华为交换机网络规划-案例-USB迷|专注于互联网分享

2023年12月16日发(作者：哈睿博)

企

一、网络VLAN地址规划2

二、网络设备IP地址规划2三、网络拓扑如下3

四、核心交换机接口配置3

五、网管平台配置4

业

网

络

规

划

. z.

六、网络设备参数设置4

〔1〕外网核心交换机配置4

〔2〕防火墙配置21

〔3〕AC6605-无线控制器配置34

〔4〕接入交换机配置60

一、网络VLAN地址规划

VLAN号

1000

说明

互联网有线用户段

监控网络段

无线用户段

无线AP地址段

保存

与防火墙互联网段

设备管理段

IP地址段

网关

二、网络设备IP地址规划

设备名称

防火墙

设备型号

USG2250

设备地址

192.168.60.

. z.

登录密码

PASS:admin123

核心交换机-WW

核心交换机-JK

无线控制器

接入交换机01

接入交换机02

接入交换机03

接入交换机04

接入交换机05

接入交换机06

接入交换机07

接入交换机08

接入交换机09

接入交换机10

S7706

AC6605

admin123

Admin123

admin123

S5700-28P-PWR-LI-AC

S5700-28P-LI-AC

三、网络拓扑如下

图例1：互联网网络拓扑

图例2：监控网络拓扑

四、核心交换机接口配置

互联网核心交换机

. z.

接防火墙

接AC

2 4 6

TRUNK

8 10 12 14 16 18

VLAN VLAN

TRUNK TRUNK TRUNK TRUNK TRUNK TRUNK

9 11 13 15 17 19

VLAN VLAN

10 10

TRUNK TRUNK TRUNK TRUNK TRUNK TRUNK

说明:VLAN10---接PC机上网。 TRUNK---接接入交换机。*---光电复用接口。

监控交换机

0 2 4 6

TRUNK

8 10 12 14 16 18

VLAN VLAN VLAN

TRUNK TRUNK TRUNK TRUNK TRUNK TRUNK

9 11 13 15 17 19

VLAN VLAN VLAN

20 20 20

TRUNK TRUNK TRUNK TRUNK TRUNK TRUNK

说明：VLAN20---接监控PC或终端。TRUNK---接接入交换机。

五、网管平台配置

IP地址

拓扑管理:

型号

HP DL360eGen8

密码

Administrator

网管平台密码

admin/1234

六、网络设备参数设置

（1）外网核心交换机配置

display current-configuration

!Software Version V200R003C00SPC500

. z.

sysname TYG-WW-Core

vlan batch 10 20 30 40 50 60 1000

observe-port 1 interface GigabitEthernet3/0/4

lldp enable

undo nap slave enable

dba-profile default0 type3 assure 40000 ma* 80000

dhcp enable

dhcp snooping enable

diffserv domain default

line-profile default0

service-profile default0

. z.

vlan 10

description NW-net

vlan 20

description jiankong-net

vlan 30

description NW-AP-client

vlan 40

description NW-AP

vlan 50

description to_tplink

vlan 60

description to_FW

vlan 1000

description management

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

. z.

local-user admin password cipher %%5d~9:M^ipCfLiB)EQd>3Uwe%%

local-user admin service-type

interface Vlanif10

description NW-net

dhcp select interface

interface Vlanif20

description jiankong-net

interface Vlanif30

description NW-AP-client

dhcp select interface

dhcp server lease day 0 hour 6 minute 0

interface Vlanif40

description NW-AP

interface Vlanif50

description to_tplink

interface Vlanif60

. z.

description to_FW

interface Vlanif1000

description management

interface Ethernet0/0/0

interface GigabitEthernet3/0/0

description to_FW

port link-type access

port default vlan 60

interface GigabitEthernet3/0/1

description to_AC6605

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/2

port link-type access

port default vlan 10

interface GigabitEthernet3/0/3

. z.

port link-type access

port default vlan 10

dhcp snooping enable

interface GigabitEthernet3/0/4

port link-type access

port default vlan 10

dhcp snooping enable

interface GigabitEthernet3/0/5

port link-type access

port default vlan 10

interface GigabitEthernet3/0/6

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/7

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/8

. z.

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/9

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/10

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/11

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/12

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/13

port link-type trunk

port trunk allow-pass vlan 2 to 4094

. z.

interface GigabitEthernet3/0/14

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/15

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/16

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/17

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/18

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/19

. z.

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/20

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/21

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/22

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet3/0/23

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface NULL0

. z.

snmp-agent

snmp-agent local-engineid 800007DB03D46AA880E600

snmp-agent munity read

cipher %$%$T'&>Legw4'c8h]-Y.|!8;*rp(TP(+e*2C$/)e4,8B:+&*rs;5+o-feDqC$8Z4A6t$TNr|;*%$%$ mib-view iso-view

snmp-agent munity write

cipher %$%$fgbY*V!,O/)**mGHz$;Ko-Z6l-UA_Ul*['`gV(moKGKo0;!gLuG:sugKBt*>(yroQo9;K%$%$ mib-view iso-view

snmp-agent sys-info version all

snmp-agent target-host trap address udp-domain 192.168.10.253 params securityname

cipher %%m>mV:Q:`v8ciq0Y~C/U0;Kp8%% v2c

snmp-agent mib-view included iso-view iso

snmp-agent trap source Vlanif1000

user-interface con 0

authentication-mode password

set authentication password

cipher %%W^Jp(2C;L;B_lSU41o+~,*DE,v{~U6%)E*j&*IOM%GJ*DH,%%

user-interface vty 0 4

authentication-mode password

user privilege level 15

. z.

set authentication password

cipher %%dz`e*2MdU*+W*9.[~^,M=*a7Iy6U/<-]-PT}J7*hTO7*a:=%%

user-interface vty 16 20

port-group 1

group-member GigabitEthernet3/0/0

group-member GigabitEthernet3/0/1

group-member GigabitEthernet3/0/2

group-member GigabitEthernet3/0/3

group-member GigabitEthernet3/0/4

group-member GigabitEthernet3/0/5

group-member GigabitEthernet3/0/6

group-member GigabitEthernet3/0/7

group-member GigabitEthernet3/0/8

group-member GigabitEthernet3/0/9

group-member GigabitEthernet3/0/10

group-member GigabitEthernet3/0/11

group-member GigabitEthernet3/0/12

group-member GigabitEthernet3/0/13

group-member GigabitEthernet3/0/14

group-member GigabitEthernet3/0/15

group-member GigabitEthernet3/0/16

. z.

group-member GigabitEthernet3/0/17

group-member GigabitEthernet3/0/18

group-member GigabitEthernet3/0/19

group-member GigabitEthernet3/0/20

group-member GigabitEthernet3/0/21

group-member GigabitEthernet3/0/22

group-member GigabitEthernet3/0/23

return

dis int bri

PHY: Physical

*down: administratively down

^down: standby

(l): loopback

(s): spoofing

(E): E-Trunk down

(b): BFD down

(e): ETHOAM down

(dl): DLDP down

(d): Dampening Suppressed

InUti/OutUti: input utility/output utility

. z.

Interface PHY Protocol InUti OutUti inErrors outErrors

GigabitEthernet3/0/0 up up 1.42% 0.50% 0 0

GigabitEthernet3/0/1 up up 0.04% 0.44% 0 0

GigabitEthernet3/0/2 up up 2.31% 1.82% 0 0

GigabitEthernet3/0/3 up up 0% 0% 0 0

GigabitEthernet3/0/4

GigabitEthernet3/0/5

GigabitEthernet3/0/6

GigabitEthernet3/0/7

GigabitEthernet3/0/8

GigabitEthernet3/0/9

GigabitEthernet3/0/10

GigabitEthernet3/0/11

down down

0% 0%

GigabitEthernet3/0/12 down down 0% 0% 0

GigabitEthernet3/0/13 down down 0% 0% 0

GigabitEthernet3/0/14 up up 0.01% 0.12% 0 0

GigabitEthernet3/0/15

GigabitEthernet3/0/16

GigabitEthernet3/0/17

GigabitEthernet3/0/18

GigabitEthernet3/0/19

GigabitEthernet3/0/20

GigabitEthernet3/0/21

GigabitEthernet3/0/22

GigabitEthernet3/0/23

NULL0

Vlanif10

down down 0% 0%

up up 0% 0%

down down 0% 0%

up up 0% 0%

down down 0% 0%

up up 0.23% 0.68%

down down 0% 0%

up up 0% 0%

down down 0% 0%

up up(s) 0% 0%

up up -- --

. z.

0 0

Vlanif20 up up -- -- 0 0

Vlanif30 up up -- -- 0 0

Vlanif40 up up -- -- 0 0

Vlanif50 up down -- -- 0 0

Vlanif60 up up -- -- 0 0

Vlanif1000 up up --

dis ip int b

*down: administratively down

!down: FIB overload down

^down: standby

(l): loopback

(s): spoofing

(d): Dampening Suppressed

(E): E-Trunk down

The number of interface that is UP in Physical is 8

The number of interface that is DOWN in Physical is 1

The number of interface that is UP in Protocol is 7

The number of interface that is DOWN in Protocol is 2

Interface IP Address/Mask

Ethernet0/0/0 unassigned

Physical

down

Protocol

down

NULL0 unassigned up up(s)

Vlanif50 unassigned up down

dis ip rou

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 15 Routes : 15

Destination/Mask Proto Pre Cost Flags Ne*tHop Interface

dis vers

Huawei Versatile Routing Platform Software

VRP (R) software, Version 5.130 (S7700 V200R003C00SPC500)

Quidway S7706 Terabit Routing Switch uptime is 0 week, 2 days, 4 hours, 5 minutes

BKP 0 version information:

1. PCB Version : LE02BAKI VER.A

2. Support PoE : No

3. Board Type : ES0B00770600

4. MPU Slot Quantity : 2

5. LPU Slot Quantity : 6

MPU 7(Master) : uptime is 0 week, 2 days, 4 hours, 4 minutes

SDRAM Memory Size : 1024 M bytes

Flash Memory Size : 64 M bytes

. z.

NVRAM Memory Size : 512 K bytes

CF Card1 Memory Size : 488 M bytes

MPU version information :

1. PCB Version : LE02SRUA VER.D

2. MAB Version : 8

3. Board Type : ES0D00SRUA00

4. CPLD0 Version : 101

5. BootROM Version : 171

6. BootLoad Version : 0203.007a

LPU 3 : uptime is 0 week, 2 days, 4 hours, 4 minutes

SDRAM Memory Size : 256 M bytes

Flash Memory Size : 16 M bytes

LPU version information :

1. PCB Version : LE02G24C VER.D

2. MAB Version : 0

3. Board Type : ES0D0G24CA00

4. CPLD0 Version : 103

5. BootROM Version : 171

6. BootLoad Version : 0203.00a1

CMU 9(Master) : uptime is 0 week, 2 days, 4 hours, 4 minutes

CMU version information :

1. PCB Version : LE02CMUA VER.B

. z.

2. MAB Version : 0

3. Board Type : LE0DCMUA0000

（2）防火墙配置

display current-configuration

15:08:49 2021/08/14

sysname USG2250

l2tp enable

l2tp domain suffi*-separator

firewall packet-filter default permit interzone local trust direction inbound

firewall packet-filter default permit interzone local trust direction outbound

firewall packet-filter default permit interzone local untrust direction outbound

firewall packet-filter default permit interzone local dmz direction outbound

firewall packet-filter default permit interzone trust untrust direction outbound

ip df-unreachables enable

firewall ipv6 session link-state check

firewall ipv6 statistic system enable

. z.

dns resolve

dns server unnumbered interface Dialer0

firewall defend udp-short-header enable

firewall defend -flood enable

firewall defend port-scan enable

firewall defend ip-sweep enable

firewall defend teardrop enable

firewall defend ip-fragment enable

firewall defend tcp-flag enable

firewall defend winnuke enable

firewall defend fraggle enable

firewall defend ping-of-death enable

firewall defend icmp-flood enable

firewall defend udp-flood enable

firewall defend syn-flood enable

firewall defend smurf enable

firewall defend land enable

firewall defend ip-spoofing enable

firewall defend arp-flood enable

firewall defend arp-spoofing enable

. z.

firewall defend udp-flood base-session ma*-rate 1000

firewall defend icmp-flood base-session ma*-rate 255

firewall statistic system enable

pki certificate access-control-policy default permit

dns pro*y enable

ddns client enable

license-server domain .

lldp enable

web-manager enable

web-manager security enable port 8443

undo web-manager config-guide enable

user-manage web-authentication security port 8888

interface Dialer0

. z.

link-protocol ppp

ppp chap user 0251

ppp chap password cipher %$%$om.k'H.-J&:zO<-ibUR14+"%$%$

ppp pap local-user 0251

password cipher %$%$`C*:B)5*.+r&e%86-$%$%$

ppp ipcp dns admit-any

ip address ppp-negotiate

dialer user 0251

dialer bundle 1

nat enable

detect ftp

interface Cellular0/1/0

link-protocol ppp

interface Cellular0/1/1

link-protocol ppp

interface GigabitEthernet0/0/0

lldp enable

lldp tlv-enable basic-tlv all

. z.

interface GigabitEthernet0/0/1

pppoe-client dial-bundle-number 1

lldp enable

lldp tlv-enable basic-tlv all

interface NULL0

firewall zone local

set priority 100

firewall zone trust

set priority 85

detect ftp

detect rtsp

detect pptp

add interface GigabitEthernet0/0/0

firewall zone untrust

set priority 5

detect ftp

detect rtsp

detect pptp

. z.

add interface Dialer0

add interface GigabitEthernet0/0/1

firewall zone dmz

set priority 50

detect ftp

detect rtsp

detect pptp

firewall interzone local trust

detect ftp

detect pptp

detect rtsp

firewall interzone local untrust

detect ftp

detect pptp

detect rtsp

firewall interzone local dmz

detect ftp

detect pptp

. z.

detect rtsp

firewall interzone trust untrust

detect ftp

detect pptp

detect rtsp

firewall interzone trust dmz

detect ftp

detect pptp

detect rtsp

firewall interzone dmz untrust

detect ftp

detect pptp

detect rtsp

aaa

local-user sun password cipher %$%$%D%Q5`7=3FRKi)8MrP59<7.%$%$

local-user su service-type ftp web terminal telnet

local-user sun level 15

. z.

local-user admin password cipher %$%$rugI4}u6)"4=bg!%d*g~,kbY%$%$

local-user admin service-type web terminal telnet

local-user admin level 15

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain dot1*

nqa-jitter tag-version 1

ip route-static 0.0.0.0 0.0.0.0 Dialer0

snmp-agent

snmp-agent local-engineid 000007DB7F857

snmp-agent munity write %$%$|PVS8KS``>:5ro0b0eCR;of]%$%$ mib-view iso-view

snmp-agent munity read %$%$:99A)S:^z7GhSiPId0&K;F=4%$%$ mib-view iso-view

snmp-agent sys-info contact R&D Huawei Technologies Co.,Ltd.

. z.

snmp-agent sys-info version all

snmp-agent target-host trap address udp-domain 192.168.10.253 params

securityname %$%$a6IY(uUaV0|P1l.T{&$O;/&z%$%$ v2c

snmp-agent mib-view included iso-view iso

snmp-agent packet ma*-size 12000

banner enable

user-interface con 0

authentication-mode aaa

user-interface tty 2 3

authentication-mode password

modem both

user-interface vty 0 4

authentication-mode aaa

protocol inbound all

ip address-set 网192.168.10 type object

description 网有线

address 0 192.168.10.0 mask 24

ip address-set 网192.168.30.0 type object

. z.

description 网无线用户

address 0 192.168.30.24 mask 32

slb

cwmp

right-manager server-group

policy interzone local untrust inbound

policy 0

action permit

policy service service-set telnet

policy service service-set

policy service service-set s

policy service service-set ssh

policy service service-set l2tp

policy service service-set icmp

nat-policy interzone trust untrust outbound

policy 0

action source-nat

. z.

policy source address-set 网

easy-ip Dialer0

policy 1

action source-nat

policy source address-set 网

easy-ip Dialer0

return

DIS IP IN TB

Error: Wrong parameter found at '^' position.

ids ip in

Error: Wrong parameter found at '^' position.

dis ip int b

15:09:03 2021/08/14

*down: administratively down

(s): spoofing

Interface IP Address

Cellular0/1/0 unassigned

Physical Protocol Description

down up(s) Huawei, USG2200

Cellular0/1/1 unassigned down up(s) Huawei, USG2200

Dialer0 22.95.58.230 up up(s) Huawei, USG2200

GigabitEthernet0/0/0 192.168.60.1 up up Huawei, USG2200

GigabitEthernet0/0/1 unassigned up down Huawei, USG2200

dis int bri

15:09:05 2021/08/14

PHY: Physical

*down: administratively down

^down: standby down

(s): spoofing

InUti/OutUti: input utility/output utility

Interface PHY Protocol InUti OutUti inErrors outErrors

Cellular0/1/0 down up(s) 0% 0% 0

Cellular0/1/1 down up(s) 0% 0% 0

Dialer0 up up(s) -- -- 0

GigabitEthernet0/0/0 up up 0.55% 1% 0

GigabitEthernet0/0/1 up down 1% 0.55% 0

NULL0 up up(s) 0% 0% 0

. z.

dis ip rou

15:09:09 2021/08/14

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 12 Routes : 12

Destination/Mask Proto Pre Cost Flags Ne*tHop Interface

dis vers

15:09:15 2021/08/14

Huawei Versatile Routing Platform Software

Software Version: USG2200 V300R001C10SPC100 (VRP (R) Software, Version 5.30)

Secoway USG2250 uptime is 0 week, 2 days, 4 hours, 17 minutes

RPU's Version Information:

2048M bytes SDRAM

64M bytes FLASH

128K bytes NVRAM

Pcb Version : VER.A

CPLD Logic Version : 009B

FPGA Logic Version : 017

Small BootROM Version : 536

. z.

Big BootROM Version : 714

（3） AC6605-无线控制器配置

[AC6605]display current-configuration

snmp-agent local-engineid 800007DB0330D17E7303EC

snmp-agent munity

read %%

snmp-agent munity ple*ity-check disable

snmp-agent mib-view iso-view include iso

snmp-agent

secure-server ssl-policy default_policy

server enable

secure-server enable

info-center timestamp log format-date

vlan batch 30 40 100 1000

lldp enable

. z.

dhcp enable

diffserv domain default

vlan 30

description description NW-AP-client

vlan 40

description NW-AP

vlan 100

description to_NW-Core

vlan 1000

description managemet

pki realm default

enrollment self-signed

ssl policy default_policy type server

pki-realm default

aaa

authentication-scheme default

authorization-scheme default

. z.

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher %%IyLi(s!nl/euuILT%(q6~6;i%%

local-user admin privilege level 15

local-user admin service-type telnet web

interface Vlanif30

description NW-AP-client

interface Vlanif40

description NW-AP

ip address 192.168.40.100 255.255.255.0

dhcp select interface

dhcp server e*cluded-ip-address 192.168.40.254

interface Vlanif1000

description managemet

ip address 10.10.10.100 255.255.255.0

interface MEth0/0/1

ip address 169.254.1.1 255.255.0.0

. z.

interface GigabitEthernet0/0/1

description to_7706

port link-type trunk

port trunk allow-pass vlan 2 to 4094

interface GigabitEthernet0/0/2

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/3

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/4

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/5

. z.

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/6

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/7

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/8

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/9

port link-type trunk

port trunk pvid vlan 40

. z.

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/10

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/11

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/12

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/13

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

. z.

interface GigabitEthernet0/0/14

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/15

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/16

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/17

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/18

port link-type trunk

. z.

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/19

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/20

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/21

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/22

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

. z.

interface GigabitEthernet0/0/23

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface GigabitEthernet0/0/24

port link-type trunk

port trunk pvid vlan 40

port trunk allow-pass vlan 30 40

interface *GigabitEthernet0/0/1

interface *GigabitEthernet0/0/2

interface Wlan-Ess1

description ess01

port hybrid pvid vlan 30

port hybrid untagged vlan 30

interface NULL0

. z.

user-interface con 0

authentication-mode password

set authentication password

cipher %%(/Wd$4CLnB;'Q1C{zi*,""

user-interface vty 0 4

authentication-mode password

user privilege level 15

set authentication password

cipher %%3]*(OkZtR00BA&9)}[U,*")I+C!>dvo,8r!_&%)T}%D*",,%%

protocol inbound all

user-interface vty 16 20

port-group 1

group-member GigabitEthernet0/0/2

group-member GigabitEthernet0/0/3

group-member GigabitEthernet0/0/4

group-member GigabitEthernet0/0/5

group-member GigabitEthernet0/0/6

group-member GigabitEthernet0/0/7

group-member GigabitEthernet0/0/8

group-member GigabitEthernet0/0/9

. z.

group-member GigabitEthernet0/0/10

group-member GigabitEthernet0/0/11

group-member GigabitEthernet0/0/12

group-member GigabitEthernet0/0/13

group-member GigabitEthernet0/0/14

group-member GigabitEthernet0/0/15

group-member GigabitEthernet0/0/16

group-member GigabitEthernet0/0/17

group-member GigabitEthernet0/0/18

group-member GigabitEthernet0/0/19

group-member GigabitEthernet0/0/20

group-member GigabitEthernet0/0/21

group-member GigabitEthernet0/0/22

group-member GigabitEthernet0/0/23

group-member GigabitEthernet0/0/24

wlan

wlan ac source interface vlanif40

wlan ap lldp enable

ap-auth-mode sn-auth

ap id 0 type-id 19 mac ac85-3db7-c840 sn 2102354196W0E5003163

ap id 1 type-id 19 mac ac85-3db7-c100 sn 2102354196W0E5003105

. z.

access priority normal

ap id 2 type-id 19 mac ac85-3db7-afe0 sn 2102354196W0E5002968

ap id 3 type-id 19 mac ac85-3db7-c540 sn 2102354196W0E5003139

ap id 4 type-id 19 mac ac85-3db7-c8c0 sn 2102354196W0E5003167

ap id 5 type-id 19 mac ac85-3db7-c3c0 sn 2102354196W0E5003127

ap id 6 type-id 19 mac ac85-3db7-c400 sn 2102354196W0E5003129

ap id 7 type-id 19 mac ac85-3db7-c880 sn 2102354196W0E5003165

ap id 8 type-id 19 mac ac85-3db7-b0a0 sn 2102354196W0E5002974

ap id 9 type-id 19 mac ac85-3db7-c700 sn 2102354196W0E5003153

ap id 10 type-id 28 mac 1051-724b-bf20 sn 0E7000091

ap id 11 type-id 28 mac 1051-724b-8a20 sn 0E7000071

ap id 12 type-id 28 mac 1051-724b-bda0 sn 0E7000079

ap id 13 type-id 28 mac 1051-724b-bd80 sn 0E7000078

ap id 14 type-id 28 mac 1051-721a-14a0 sn 0E7000067

ap id 15 type-id 28 mac 1051-724b-bf40 sn 0E7000092

ap id 16 type-id 28 mac 1051-724b-bee0 sn 0E7000089

ap id 17 type-id 28 mac 1051-724b-be80 sn 0E7000086

ap id 18 type-id 28 mac 1051-724b-8ac0 sn 0E7000076

ap id 19 type-id 28 sn 0E7000296

ap id 20 type-id 28 mac 1051-7254-8fe0 sn 0E7000257

ap id 21 type-id 28 sn 0E7000250

ap id 22 type-id 28 mac 1051-7254-8fa0 sn 0E7000255

. z.

ap id 23 type-id 28 sn 0E7000251

ap id 24 type-id 28 sn 0E7000282

ap id 25 type-id 28 sn 0E7000258

ap id 26 type-id 28 mac 1051-7254-91e0 sn 0E7000273

ap id 27 type-id 28 mac 1051-724b-bd60 sn 0E7000077

ap id 28 type-id 28 sn 0E7000138

ap id 29 type-id 28 sn 0E7000146

ap id 30 type-id 19 mac ac85-3db7-c5e0 sn 2102354196W0E5003144

ap id 31 type-id 19 mac ac85-3db7-c500 sn 2102354196W0E5003137

ap id 32 type-id 19 mac ac85-3db7-bfa0 sn 2102354196W0E5003094

ap id 33 type-id 19 mac ac85-3db7-c740 sn 2102354196W0E5003155

ap id 34 type-id 19 mac ac85-3db7-c600 sn 2102354196W0E5003145

ap id 35 type-id 19 mac ac85-3db7-bec0 sn 2102354196W0E5003087

wmm-profile name default id 0

traffic-profile name default id 0

security-profile name default id 0

security-profile name anquanmoban01 id 1

security-policy wpa-wpa2

wpa-wpa2 authentication-method psk pass-phrase

cipher %%FU^yEmQ$SZV/qP02pcI~Ma.%% encryption-method tkip

security-profile name anquanmoban02 id 2

security-profile name anquanmoban03 id 3

. z.

service-set name fuwuji02 id 1

wlan-ess 1

ssid SunPalace-Free

user-isolate

traffic-profile id 0

security-profile id 2

dhcp snooping

service-vlan 30

radio-profile name shebinmban2.4g01 id 0

wmm-profile id 0

radio-profile name shepinmoban5g01 id 1

radio-type 80211n

wmm-profile id 0

radio-profile name moban5G02 id 2

wmm-profile id 0

ap 0 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 0 radio 1

radio-profile id 1

ap 1 radio 0

radio-profile id 0

. z.

service-set id 1 wlan 2

ap 1 radio 1

radio-profile id 1

ap 2 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 2 radio 1

radio-profile id 1

ap 3 radio 0

radio-profile id 0

ap 3 radio 1

radio-profile id 1

ap 4 radio 0

radio-profile id 0

ap 4 radio 1

radio-profile id 1

ap 5 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 5 radio 1

radio-profile id 1

ap 6 radio 0

. z.

radio-profile id 0

service-set id 1 wlan 2

ap 6 radio 1

radio-profile id 1

ap 7 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 7 radio 1

radio-profile id 1

ap 8 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 8 radio 1

radio-profile id 1

ap 9 radio 0

radio-profile id 0

service-set id 1 wlan 2

ap 9 radio 1

radio-profile id 1

ap 10 radio 0