h3c_ac
wx5560
version 7.1.064, Release 5465
#
sysname AC-WX560H
#
clock timezone BeiJing add 08:00:00
#
wlan global-configuration
calibrate-channel self-decisive enable all
#
dot1x
dot1x authentication-method eap
#
mac-authentication
mac-authentication domain qax
#
dhcp enable
#
dhcp snooping enable
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 832 to 833
#
vlan 852 to 853
#
vlan-group client
vlan-list 832 to 833
#
wlan service-template aaa-white
ssid wifi_TERMINAL
akm mode dot1x
cipher-suite ccmp
security-ie rsn
client-security authentication-mode dot1x
dot1x domain qax
#
wlan service-template aaa-wifi
ssid wifi_PC
beacon ssid-hide
akm mode dot1x
cipher-suite ccmp
security-ie rsn
client-security authentication-mode dot1x
dot1x domain qax
service-template enable
#
wlan service-template bbb-wifi
ssid wifi_PC
beacon ssid-hide
client forwarding-location ap
akm mode dot1x
cipher-suite ccmp
security-ie rsn
client-security authentication-mode dot1x
dot1x domain qax
service-template enable
#
interface Bridge-Aggregation1
description to HX-SW
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 832 to 833 852 to 853
link-aggregation mode dynamic
dhcp snooping trust
#
interface NULL0
#
interface Vlan-interface1
ip address dhcp-alloc
#
interface Vlan-interface852
description AP_Mgmt
ip address 10.167.252.13 255.255.255.0
#
interface Vlan-interface853
description Mgmt
ip address x.x.x.x 255.255.255.0
#
interface GigabitEthernet1/0/8
port link-mode route
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 832 to 833 852 to 853
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 832 to 833 852 to 853
port link-aggregation group 1
#
interface GigabitEthernet1/0/3
port link-mode bridge
#
interface GigabitEthernet1/0/4
port link-mode bridge
#
interface GigabitEthernet1/0/5
port link-mode bridge
#
interface GigabitEthernet1/0/6
port link-mode bridge
#
interface GigabitEthernet1/0/7
port link-mode bridge
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-operator
protocol inbound ssh
#
line vty 5 31
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 x.x.x.x
#
undo info-center logfile enable
#
snmp-agent
snmp-agent local-engineid 800063A2809023B4B2AFC000000001
snmp-agent community read xxxxxx
snmp-agent sys-info version v2c v3
snmp-agent trap source Vlan-interface853
snmp-agent trap queue-size 500
snmp-agent trap life 600
#
ssh server enable
ssh user linshi service-type stelnet authentication-type password
#
ntp-service enable
ntp-service unicast-server x.x.x.x
#
acl number 3001 name mgmt
rule 10 permit ip source x.x.0.0 0.0.255.255
#
super password role network-admin hash $h$6$huvR2xNctq+R0gYGAsZ7lCiJJfJ8wdPOOSCJprKRvLKHUdiU0wyE8cYZQ9c8TM9WEsAcWUUQ4gZYg==
#
radius scheme qax
primary authentication x.x.x.x
secondary authentication x.x.x.x
key authentication cipher $c$3$WFYe7Ss1G1pzoBsr36wfbiPGvp0ZuvvoHkfl4tyA==
key accounting cipher $c$3$HPtYsfDiWlw9GUwntk2loOCu1oJWkzAbIakAP9iA==
timer quiet 10
timer response-timeout 5
user-name-format without-domain
nas-ip x.x.x.x
#
domain qax
authentication lan-access radius-scheme qax
authorization lan-access none
accounting lan-access none
#
domain system
#
domain default enable qax
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
rule 10 permit command screen-length disable
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user linshi class manage
password hash $h$6aFSiDFH$BOExI+Mk1hucYV8X8vh00Rq0eoELn7QHklm/fLSGxW3SLlbg3I+Vrtj/iUmXtxzWmajXDbCtvW6SKIw==
service-type ssh terminal https
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
ip https acl advanced 3001
ip https enable
#
wlan ap-group aaa
vlan 1
ap-model WA5320S-E
radio 1
radio enable
service-template aaa-wifi vlan-group client
radio 2
radio enable
service-template aaa-wifi vlan-group client
gigabitethernet 1
ap-model WA6330
radio 1
radio enable
service-template aaa-wifi vlan-group client
radio 2
radio enable
service-template aaa-wifi vlan-group client
radio 3
radio enable
service-template aaa-wifi vlan-group client
gigabitethernet 1
smartrate-ethernet 1
#
wlan ap-group bbb
vlan 1
ap-model WA5320S-E
map-configuration flash:/apcfg.txt
radio 1
radio enable
service-template bbb-wifi vlan-group client
radio 2
radio enable
service-template bbb-wifi vlan-group client
gigabitethernet 1
ap-model WA6330
map-configuration flash:/apcfg.txt
radio 1
radio enable
service-template bbb-wifi vlan-group client
radio 2
radio enable
service-template bbb-wifi vlan-group client
radio 3
radio enable
service-template bbb-wifi vlan-group client
gigabitethernet 1
smartrate-ethernet 1
#
wlan ap-group default-group
vlan 1
#
wlan virtual-ap-group default-virtualapgroup
#
cloud-management server domain oasis.h3c.com
#
return