yal714

他在哪种模式下配置，配置过程是什么

欲语还休

我现在也碰到这种事情，你配好了吗？能不能把你的配置发给我看看？

TSCzhangrong

引用:

原帖由 yal714 于 2006-6-25 11:17 发表
他在哪种模式下配置，配置过程是什么

启用WDS，在MAC地址栏把对方AP的MAC地址写上就可以了

欲语还休

谢谢楼上的。。。。。

gino

有两种方式
1.root方式
2.绑定对方mac
但要注意信道要一致

主ap配置如下

#
sysname AP_49D
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
state primary authentication active
state primary accounting active
accounting

radius scheme hunau
primary authentication 172.28.160.1 1645
primary accounting 172.28.160.1 1646
key authentication cams
key accounting cams
user-name-format without-domain
state primary authentication active
state primary accounting active
accounting

domain hunau
radius-scheme hunau
access-limit disable
state active
idle-cut disable

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable

domain default enable hunau
#
local-server nas-ip 127.0.0.1 key huawei

local-user admin
password cipher U2.L\^B%&VHFM,V0.[B^;1!!
service-type telnet level 3
service-type web level 2
#
undo ssid wa1208e
#
ap name AP_49D
#
config-file-auto-save-period set 30
cpu-performance-alarm-limit set 100
undo config-file-auto-save-mode-open
#
web-server max-user-number 5
web-server port 80
#
acl 3001
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 4444
rule 2 deny tcp destination-port eq 135
rule 3 deny udp destination-port eq 135
rule 4 deny udp destination-port eq netbios-ns
rule 5 deny udp destination-port eq netbios-dgm
rule 6 deny tcp destination-port eq 139
rule 7 deny udp destination-port eq netbios-ssn
rule 8 deny tcp destination-port eq 445
rule 9 deny udp destination-port eq 445
rule 10 deny udp destination-port eq 593
rule 11 deny tcp destination-port eq 593
rule 12 deny tcp destination-port eq 5554
rule 13 deny tcp destination-port eq 9995
rule 14 deny tcp destination-port eq 9996
rule 15 deny udp destination-port eq 1434
rule 16 deny tcp destination-port eq 1068
rule 17 deny tcp destination-port eq 5800
rule 18 deny tcp destination-port eq 5900
rule 19 deny tcp destination-port eq 10080
rule 20 deny tcp destination-port eq 455
rule 21 deny udp destination-port eq 455
rule 22 deny tcp destination-port eq 3208
rule 23 deny tcp destination-port eq 1871
rule 24 deny tcp destination-port eq 4510
rule 25 deny udp destination-port eq 4334
rule 26 deny tcp destination-port eq 4331
rule 27 deny tcp destination-port eq 4557
#
interface Aux0/0
#
vlan 1
#
vlan 80
#
vlan 888
#
interface Vlan-interface1
#
interface Vlan-interface888
ip address 172.28.160.2 255.255.252.0 immediate
#
interface Ethernet0/1
port access vlan 80
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
#
ssid HUNAU
set vlan 80
ap carrier-name hunau
dot1x
dot1x port-control auto
bind domain hunau
authentication link share-key
authentication link open-system
encryption suite wep 5
encryption gtk update base-timer
undo authentication preauthentication
iapp
#
wds-ssid 4944
set access vlan 80
#
wds-ssid 49-28
set access vlan 80
#
wds-ssid 49-30
set access vlan 80
#
radio module 1
channel 6
encryption wep 1 wep40 ascii hunau
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huaweidefault
encryption wep 4 wep40 ascii zall@
#
radio module 2
channel 149
encryption wep 1 wep40 ascii hunau
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huaweidefault
encryption wep 4 wep40 ascii zall@
#
interface Wireless-access1/1
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/2
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/3
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/4
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/1
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/2
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/3
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/4
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wds1/5
port access vlan 80
bind wds-ssid 4944
peer mac-address 00e0-fc89-7e38
#
interface Wds1/6
port access vlan 80
bind wds-ssid 49-28
peer mac-address 00e0-fc89-7eb8
#
interface Wds1/7
port access vlan 80
bind wds-ssid 49-30
peer mac-address 00e0-fc89-7e58
#
interface Wds1/8
#
interface Wds1/9
#
interface Wds1/10
#
interface Wds1/11
#
interface Wds1/12
#
interface Wds1/13
#
interface Wds1/14
#
interface Wds1/15
#
interface Wds1/16
#
interface Wds1/17
#
interface Wds1/18
#
interface Wds1/19
#
interface Wds1/20
#
interface Wds2/5
#
interface Wds2/6
#
interface Wds2/7
#
interface Wds2/8
#
interface Wds2/9
#
interface Wds2/10
#
interface Wds2/11
#
interface Wds2/12
#
interface Wds2/13
#
interface Wds2/14
#
interface Wds2/15
#
interface Wds2/16
#
interface Wds2/17
#
interface Wds2/18
#
interface Wds2/19
#
interface Wds2/20
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.28.163.254 preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB00E0FC8980741208
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent group v3 g1 read huawei write huawei notify huawei
snmp-agent mib-view included huawei iso
snmp-agent usm-user v3 huawei g1
#
user-interface aux 0
user-interface vty 0
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VG%,YZG+F$5"!!!
user-interface vty 1
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VEAK+:;8W-P6A!!
user-interface vty 2
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VHMRG<`X)%Z4A!!
user-interface vty 3
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VF2JZ^-E@VJ=Q!!
user-interface vty 4
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VG(W)T[=+HQB1!!
#
age-time 2000
#
return

gino

需要桥接的ap配置

#
sysname AP_28D
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
state primary authentication active
state primary accounting active
accounting

radius scheme hunau
primary authentication 172.28.160.1 1645
primary accounting 172.28.160.1 1646
key authentication cams
key accounting cams
user-name-format without-domain
state primary authentication active
state primary accounting active
accounting

domain hunau
radius-scheme hunau
access-limit disable
state active
idle-cut disable

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable

domain default enable hunau
#
local-server nas-ip 127.0.0.1 key huawei

local-user admin
password cipher U2.L\^B%&VHFM,V0.[B^;1!!
service-type telnet level 3
service-type web level 2
#
undo ssid wa1208e
#
ap name AP_28D
#
config-file-auto-save-period set 30
cpu-performance-alarm-limit set 100
undo config-file-auto-save-mode-open
#
web-server max-user-number 5
web-server port 80
#
acl 3001
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 4444
rule 2 deny tcp destination-port eq 135
rule 3 deny udp destination-port eq 135
rule 4 deny udp destination-port eq netbios-ns
rule 5 deny udp destination-port eq netbios-dgm
rule 6 deny tcp destination-port eq 139
rule 7 deny udp destination-port eq netbios-ssn
rule 8 deny tcp destination-port eq 445
rule 9 deny udp destination-port eq 445
rule 10 deny udp destination-port eq 593
rule 11 deny tcp destination-port eq 593
rule 12 deny tcp destination-port eq 5554
rule 13 deny tcp destination-port eq 9995
rule 14 deny tcp destination-port eq 9996
rule 15 deny udp destination-port eq 1434
rule 16 deny tcp destination-port eq 1068
rule 17 deny tcp destination-port eq 5800
rule 18 deny tcp destination-port eq 5900
rule 19 deny tcp destination-port eq 10080
rule 20 deny tcp destination-port eq 455
rule 21 deny udp destination-port eq 455
rule 22 deny tcp destination-port eq 3208
rule 23 deny tcp destination-port eq 1871
rule 24 deny tcp destination-port eq 4510
rule 25 deny udp destination-port eq 4334
rule 26 deny tcp destination-port eq 4331
rule 27 deny tcp destination-port eq 4557
#
interface Aux0/0
#
vlan 1
#
vlan 80
#
vlan 888
#
interface Vlan-interface1
#
interface Vlan-interface888
ip address 172.28.160.3 255.255.252.0 immediate
#
interface Ethernet0/1
port access vlan 80
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
#
ssid HUNAU
set vlan 80
ap carrier-name hunau
dot1x
dot1x port-control auto
bind domain hunau
authentication link share-key
authentication link open-system
encryption suite wep 5
encryption gtk update base-timer
undo authentication preauthentication
iapp
#
wds-ssid 49-28
set access vlan 80
#
radio module 1
channel 6
encryption wep 1 wep40 ascii hunau
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huaweidefault
encryption wep 4 wep40 ascii zall@
#
radio module 2
channel 149
encryption wep 1 wep40 ascii hunau
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huaweidefault
encryption wep 4 wep40 ascii zall@
#
interface Wireless-access1/1
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/2
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/3
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access1/4
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/1
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/2
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/3
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wireless-access2/4
port access vlan 80
bind ssid HUNAU
access uplayer
#
interface Wds1/5
port access vlan 80
bind wds-ssid 49-28
peer mac-address 00e0-fc89-7e20
#
interface Wds1/6
#
interface Wds1/7
#
interface Wds1/8
#
interface Wds1/9
#
interface Wds1/10
#
interface Wds1/11
#
interface Wds1/12
#
interface Wds1/13
#
interface Wds1/14
#
interface Wds1/15
#
interface Wds1/16
#
interface Wds1/17
#
interface Wds1/18
#
interface Wds1/19
#
interface Wds1/20
#
interface Wds2/5
#
interface Wds2/6
#
interface Wds2/7
#
interface Wds2/8
#
interface Wds2/9
#
interface Wds2/10
#
interface Wds2/11
#
interface Wds2/12
#
interface Wds2/13
#
interface Wds2/14
#
interface Wds2/15
#
interface Wds2/16
#
interface Wds2/17
#
interface Wds2/18
#
interface Wds2/19
#
interface Wds2/20
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.28.163.254 preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB00E0FC8980741208
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent group v3 g1 read huawei write huawei notify huawei
snmp-agent mib-view included huawei iso
snmp-agent usm-user v3 huawei g1
#
user-interface aux 0
user-interface vty 0
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VG%,YZG+F$5"!!!
user-interface vty 1
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VEAK+:;8W-P6A!!
user-interface vty 2
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VHMRG<`X)%Z4A!!
user-interface vty 3
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VF2JZ^-E@VJ=Q!!
user-interface vty 4
authentication-mode password
user privilege level 3
set authentication password cipher U2.L\^B%&VG(W)T[=+HQB1!!
#
age-time 2000
#
return

H3Cliuyunchang

ROOT模式：
<H3C>dis cu
#
sysname H3C
#
radius scheme system
server-type huawei-3com
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
state primary authentication active
accounting

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei-3com

local-user admin
password simple wa1208
service-type telnet level 3
service-type web level 2
#
undo ssid wa1208e
#
ap name huawei-3com
#
config-file-auto-save-period set 30
cpu-performance-alarm-limit set 100
config-file-auto-save-mode-open
#
web-server max-user-number 5
web-server port 80
#
interface Aux0/0
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.0.50 255.255.255.0 immediate
#
interface Ethernet0/1
#
ssid wa1208e
ap carrier-name huawei-3com
dot1x port-control authorized-force
bind domain system
authentication link open-system
encryption gtk update base-timer
undo authentication preauthentication
#
wds-ssid abc
root
encryption suite ccmp
encryption suite tkip
encryption suite wep 5
authentication psk  ascii abcde12345
#
radio module 1
channel 1
encryption wep 1 wep40 ascii 12345
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huawei-3comap
encryption wep 4 wep40 ascii 1208e
#
radio module 2
channel 149
encryption wep 1 wep40 ascii 12345
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huawei-3comap
encryption wep 4 wep40 ascii 1208e
#
interface Wireless-access1/1
bind ssid wa1208e
access uplayer
#
interface Wireless-access1/2
#
interface Wireless-access1/3
#
interface Wireless-access1/4
#
interface Wireless-access2/1
#
interface Wireless-access2/2
#
interface Wireless-access2/3
#
interface Wireless-access2/4
#
interface Wds1/5
#
interface Wds1/6
#
interface Wds1/7
#
interface Wds1/8
#
interface Wds1/9
#
interface Wds1/10
#
interface Wds1/11
#
interface Wds1/12
#
interface Wds1/13
#
interface Wds1/14
#
interface Wds1/15
#
interface Wds1/16
#
interface Wds1/17
#
interface Wds1/18
#
interface Wds1/19
#
interface Wds1/20
#
interface Wds2/5
bind wds-ssid abc
#
interface Wds2/6
#
interface Wds2/7
#
interface Wds2/8
#
interface Wds2/9
#
interface Wds2/10
#
interface Wds2/11
#
interface Wds2/12
#
interface Wds2/13
#
interface Wds2/14
#
interface Wds2/15
#
interface Wds2/16
#
interface Wds2/17
#
interface Wds2/18
#
interface Wds2/19
#
interface Wds2/20
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
age-time 2000
#
return
<H3C>

H3Cliuyunchang

CLIENT：
<H3C>dis cu
#
sysname H3C
#
radius scheme system
server-type huawei-3com
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
state primary authentication active
accounting

domain system
radius-scheme system
access-limit disable
state active
idle-cut disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei-3com

local-user admin
password simple wa1208
service-type telnet level 3
service-type web level 2
#
undo ssid wa1208e
#
ap name huawei-3com
#
config-file-auto-save-period set 30
cpu-performance-alarm-limit set 100
config-file-auto-save-mode-open
#
web-server max-user-number 5
web-server port 80
#
interface Aux0/0
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.0.254 255.255.255.0 immediate
#
interface Ethernet0/1
#
ssid test
ap carrier-name huawei-3com
dot1x port-control authorized-force
bind domain system
authentication link share-key
authentication link open-system
encryption wep-default-key-id 2
encryption suite tkip
encryption suite wep 13
authentication psk  ascii 12345678
security-mode wpa
encryption gtk update base-timer
undo authentication preauthentication
#
ssid wa1208e
ap carrier-name huawei-3com
dot1x port-control authorized-force
bind domain system
authentication link open-system
encryption gtk update base-timer
undo authentication preauthentication
#
wds-ssid abc
client radio 2
encryption suite ccmp
encryption suite tkip
encryption suite wep 5
authentication psk  ascii abcde12345
#
radio module 1
channel 1
encryption wep 1 wep40 ascii 12345
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huawei-3comap
encryption wep 4 wep40 ascii 1208e
#
radio module 2
channel 149
encryption wep 1 wep40 ascii 12345
encryption wep 2 wep104 ascii 123456789abcd
encryption wep 3 wep104 ascii huawei-3comap
encryption wep 4 wep40 ascii 1208e
#
interface Wireless-access1/1
bind ssid test
access uplayer
#
interface Wireless-access1/2
#
interface Wireless-access1/3
#
interface Wireless-access1/4
#
interface Wireless-access2/1
#
interface Wireless-access2/2
#
interface Wireless-access2/3
#
interface Wireless-access2/4
#
interface Wds1/5
#
interface Wds1/6
#
interface Wds1/7
#
interface Wds1/8
#
interface Wds1/9
#
interface Wds1/10
#
interface Wds1/11
#
interface Wds1/12
#
interface Wds1/13
#
interface Wds1/14
#
interface Wds1/15
#
interface Wds1/16
#
interface Wds1/17
#
interface Wds1/18
#
interface Wds1/19
#
interface Wds1/20
#
interface Wds2/5
bind wds-ssid abc
#
interface Wds2/6
bind wds-ssid abc
#
interface Wds2/7
#
interface Wds2/8
#
interface Wds2/9
#
interface Wds2/10
#
interface Wds2/11
#
interface Wds2/12
#
interface Wds2/13
#
interface Wds2/14
#
interface Wds2/15
#
interface Wds2/16
#
interface Wds2/17
#
interface Wds2/18
#
interface Wds2/19
#
interface Wds2/20
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
age-time 2000
#
return
<H3C>


<H3C>dis arp
IP Address       MAC Address       VLAN ID    Port Name              Type
192.168.0.159    0040-0523-800f    1          wds2/5                 Dynamic
192.168.0.158    0009-5ba2-7428    1          wds2/5                 Dynamic
192.168.0.100    000e-7ffd-3be3    1          wds2/5                 Dynamic
192.168.0.50     00e0-fc8e-7afc    1          wds2/5                 Dynamic
192.168.0.1      0050-fcd1-6b5f    1          wireless-access1/1     Dynamic
192.168.0.157    000a-eba2-5b69    1          wds2/5                 Dynamic
<H3C>


<H3C>dis security information

*** SSID WPA Information ***
SSID name                : test
WPA                      : on
WPA2                     : off
Group cipher             : WEP_104
Pairwise cipher          : TKIP WEP_104
Authentication           : PSK
PSK(ascii)               : 12345678
Link authenticate        : open-system  and share-key
GTK update policy        : timer
GTK update interval      : 1440 minutes
GTK update packet count  : 1000 K
GTK retry times          : 3
PTK retry times          : 3
PTK update interval      : 0 minute. (update PTK disabled)
Retry interval           : 5 seconds
TKIP countermeasure      : disabled
TKIP MIC error hold time : 60 seconds
Life time of PMK         : 720 minutes
WEP Index                : 2
WEP key (ascii)          : 123456789abcd


*** SSID WPA Information ***
SSID name                : wa1208e
WPA                      : off
WPA2                     : off
Group cipher             : none
Pairwise cipher          : none
Authentication           : none
Link authenticate        : open-system
GTK update policy        : timer
GTK update interval      : 1440 minutes
GTK update packet count  : 1000 K
GTK retry times          : 3
PTK retry times          : 3
PTK update interval      : 0 minute. (update PTK disabled)
Retry interval           : 5 seconds
TKIP countermeasure      : disabled
TKIP MIC error hold time : 60 seconds
Life time of PMK         : 720 minutes


*** WDS SSID WPA Information ***
WDS-SSID name            : abc
WPA                      : off
WPA2                     : off
Pairwise cipher          : CCMP TKIP WEP_40
Authentication           : PSK
PSK(ascii)               : abcde12345
PTK retry times          : 3
PTK update interval      : 0 minute. (update PTK disabled)
Retry interval           : 5 seconds
TKIP countermeasure      : disabled
TKIP MIC error hold time : 60 seconds
Life time of PMK         : 720 minutes
WEP Index                : 1
WEP key (ascii)          : 12345

<H3C>


<H3C>dis mac-station
PortNo Station        State         Privacy preamble rateSet powersave rssi wmm
1/1    0050-fcd1-6b5f Associated    Yes    Short     11b      No        57   No
<H3C>

lovenet

非常感谢

shabengou

大哥你太厉害了！

hw-yili

你们的1208E 间距有多远。