Aruba Wireless Network Configuration Training

CONFIDENTIAL Copyright 2007. Aruba Networks, Inc. All rights reserved

ARUBA Wireless Network Training
People move. Networks must follow.

Company Overview

Market profile:
- The world's leading supplier of secure wireless networks
- The world's only publicly listed company specializing in WLAN
- Silicon Valley technology company ranking: #1
- Customers worldwide: 6500+

Market Positioning of Aruba Products

- Converged mobile applications: QoS, Roaming, Handovers, Location, RFID
- Secure access: Authentication, Encryption, Intrusion Prevention
- Mobile device management: Security, Battery Life, Device Management
- Wireless LAN coverage: RF Management, Rogue AP Detection
- User classification: Employees, Contractors, Guests

Diagram axes: Connectivity, Security, Mobility

ARUBA User-Centric Network

Adaptive wireless LAN:
- High-performance wireless campus network
- Plug-and-play remote access points
- Branch office networks of any size
- Secure enterprise wireless mesh
- RFprotect wireless intrusion prevention

Identity-based security (Who, What, Where, When, How?):
- Role-based security policies
- Layered network security features
- Integrated network admission control
- Secure guest access

Application-layer quality assurance:
- Persistent voice calls
- Persistent data sessions
- Application-aware quality of service
- Location-based applications
- Video optimization

Unified user network management:
- Multi-vendor device management
- User-level management and reporting
- Visual wireless heat maps
- Rogue AP identification and location
- Troubleshooting expert system

Diagram labels: Follow-Me Applications, Follow-Me Security, Follow-Me Management, Follow-Me Connectivity

Automatic Optimization: An Intelligent Network That Needs No Manual Intervention

Adaptive Radio Management continuously optimizes the WLAN based on the available spectrum:
1. Scans and monitors the spectrum in real time
2. Automatically selects the best channel and power, reducing collisions and interference, and automatically covers blind spots when an AP fails
3. Balances load based on users and traffic
4. Provides band steering for dual-band clients
5. Gives fast and slow clients fair access
6. Performs load-aware RF scanning

Challenge: a dynamic RF environment. Within a desired coverage area, the usable operating channels are not fixed; they depend on the interference present in the environment, user density, traffic load and similar factors.

Figure labels: Physical location, Time, Available channels; Lobby, Study room, Meeting room, Office/Workstation

Easy to Scale: Extend the Wireless Network Anytime, Anywhere

- The industry's most powerful wireless controller: a single unit supports 80G line-rate forwarding and manages 2048 wireless APs
- Extends from indoors to outdoors
- Extends to the wider Internet
- Split tunnel for carrying Internet traffic
- User-centric built-in firewall

Figure labels: Branch/Office, Headquarters, Internet services, Guest Internet access, DMZ, INTERNET, GUEST, CORP, VOICE, DSL router, GUEST VLAN, Split tunnel, Firewall/NAT
Controller chassis labels: Fan Tray; Up to 4 M3 Mark I; Redundant PSUs; 40 x 1000Base-X (SFP); 8x 10GBase-X (XFP)

Identity-Based Access Control and Bandwidth Management

User privilege management: Who (user authentication) + What (authentication method) + When (access time) + Where (access location) + How (access device)

User-Based Wireless Stateful Firewall

- A single physical network infrastructure
- Users can be grouped arbitrarily
- Different L2-L7 policy controls for different groups or users
- Different upstream and downstream bandwidth allocations for different users
- Different QoS levels for different users

Aruba's firewall can detect many kinds of potential network attack, including ICMP, TCP Sync, IP Session, IP Spoofing, RST Relay and ARP, and automatically places the attacker on the blacklist and drops its wireless connection.

Figure labels: Virtual AP 1 (SSID: ABC.COM), Virtual AP 2 (SSID: VOICE); Standard customers, Free customers, Regular customers, VIP customers, Voice customers, Entry-level customers; Router, Web portal, Mobility controller, Access point, AAA infrastructure; Unique privileges, QoS, policy; Same or different VLANs

ARUBA Wireless Network Architecture

Figure labels: Email Server, 10/100 Mbps, L2/3, DHCP Server

Communication process:
1. The AP is connected to a switch port on the existing network and, after powering up, obtains an IP address.
2. The AP learns the loopback IP address of the ARUBA controller by one of several methods (static configuration, DHCP response, DNS resolution, multicast, broadcast).
3. The AP establishes a PAPI tunnel (UDP 8211) to the controller, compares and downloads the AP image software and configuration file from the ARUBA controller over FTP or TFTP, builds a GRE tunnel between the AP and the controller according to that configuration, and starts offering wireless access to wireless users.
4. Wireless users connect to the wireless network through the SSID. All user traffic is passed directly to the ARUBA controller through the GRE tunnel between the AP and the controller, where the corresponding encryption and decryption, authentication, authorization, policy enforcement and forwarding take place.

Configuring the ARUBA Wireless Controller

- Administrator login (admin/saic_admin): CLI, Web, management accounts
- Network configuration: VLAN, IP address, IP route, IP dhcp
- Security configuration: Policy, Role, AAA
- Wireless configuration: SSID, Virtual AP

Configuring the ARUBA Wireless Controller: Administrator Login

Logging In to the ARUBA Wireless Controller

Command line:

    User: admin
    Password: *
    (Aruba800) >en
    Password:*
    (Aruba800) #configure t
    Enter Configuration commands, one per line. End with CNTL/Z

Web UI: https:/

Admin account management (#mgmt-user):

    (Aruba800) (config) #mgmt-user admin root
    Password:*
    Re-Type password:*
    (Aruba800) (config) #

Configuring the ARUBA Wireless Controller: Network Configuration

Network Configuration of the ARUBA Wireless Controller

Configuring a VLAN:

    (Aruba800) (config) #vlan 200
    (Aruba800) (config) #interface fastethernet 1/0

Access mode:

    (Aruba800) (config-if)#switchport access vlan 200
    (Aruba800) (config-if)#switchport mode access

Trunk mode:

    (Aruba800) (config-if)#switchport trunk allowed vlan all
    (Aruba800) (config-if)#switchport mode trunk

    (Aruba800) (config-if)#show vlan
    VLAN CONFIGURATION
    ------------------
    VLAN  Name      Ports
    ----  ----      -----
    1     Default   FE1/1-7
    100   VLAN0100  GE1/8
    200   VLAN0200  FE1/0

Configuring an IP address:

    (Aruba800) (config) #interface vlan 200
    (Aruba800) (config-subif)#ip address 54 (vlan interface)
    (Aruba800) (config-subif)#ip helper-address (DHCP relay)

Configuring IP routes

Default route:

    (Aruba800) (config) #ip default-gateway

Static route:

    (Aruba800) (config) #ip route

    (Aruba800) (config) #show ip route
    Codes: C - connected, O - OSPF, R - RIP, S - static
           M - mgmt, U - route usable, * - candidate default
    Gateway of last resort is to network
    S* /0 1/0 via *
    S /24 1/0 via *
    C is directly connected, VLAN1
    C is directly connected, VLAN100
    C is directly connected, VLAN200

Configuring the DHCP server:

    (Aruba800) (config) #ip dhcp pool user_pool
    (Aruba800) (config-dhcp)#default-router 54
    (Aruba800) (config-dhcp)#dns-server
    (Aruba800) (config-dhcp)#network
    (Aruba800) (config-dhcp)#exit
    (Aruba800) (config) #service dhcp

Configuring the ARUBA Wireless Controller: Security Configuration

Security Configuration of the ARUBA Controller

Diagram: rules make up policies, policies make up roles, and users are assigned to roles.

    Policy    Rules
    Policy 1  Rule 1, Rule 2, Rule 3, ... Rule n
    Policy 2  Rule 1, Rule 2
    Policy 3  Rule 1
    Policy 4  Rule 1, Rule 2, Rule 3, Rule 4
    Policy 5  Rule 1, Rule 2, Rule 3, Rule 4

    Role      Policies
    Role 1    Policy 1, Policy 2
    Role 2    Policy 1, Policy 3, Policy 4
    Role 3    Policy 4, Policy 5
    Role 4    Policy 4

Users: User1, User2, User3, User4, User5, User6, ... UserN

Role derivation assigns users to a role. Methods:
1) Locally Derived
2) Server Assigned
3) Default Role

Diagram layers: Policies, Roles, Derivation

Firewall policy: a set of rules arranged in a specific order.

Rule elements shown in the diagram: Addresses; services (HTTP, FTP, DNS, etc.); actions (Deny, Permit, Nat); Log; Queue; 802.1p assignment; TOS; Time Range

Policy example:

    ip access-list session Internet_Only
      user any udp 68 deny
      user any svc-dhcp permit
      user host svc-dns permit
      user host svc-dns permit
      user alias Internal-Network deny log
      user any any permit

Alias definitions:

1) Network aliases

    netdestination Internal-Network
      network
      network
    netdestination External-network
      network
      network
      invert

2) Service aliases

    netservice svc-http tcp 80

Creating Roles

Creating Policies
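Added example (not from the original slides): a small Python model of first-match evaluation for the Internet_Only policy above, including the implicit deny that follows the last rule. The IP addresses, the svc-dhcp and svc-dns port definitions, and the `any` service on the Internal-Network deny rule are assumptions, because those values are not present in the slide text.

```python
import ipaddress

# Constructed values: the slide's real addresses are missing from the page.
ALIASES = {"Internal-Network": ["10.0.0.0/8", "172.16.0.0/12"]}
# Assumed service definitions (protocol, low port, high port).
SERVICES = {"svc-dhcp": ("udp", 67, 68), "svc-dns": ("udp", 53, 53)}
DNS1, DNS2 = "10.1.1.10", "10.1.1.11"

# (destination, service, action) in slide order; the source is always "user".
INTERNET_ONLY = [
    ("any", ("udp", 68, 68), "deny"),
    ("any", "svc-dhcp", "permit"),
    ("host " + DNS1, "svc-dns", "permit"),
    ("host " + DNS2, "svc-dns", "permit"),
    ("alias Internal-Network", "any", "deny"),   # service assumed to be "any"
    ("any", "any", "permit"),
]


def dest_matches(spec, ip):
    """Match a destination IP against 'any', 'host <ip>' or 'alias <name>'."""
    addr = ipaddress.ip_address(ip)
    kind, _, arg = spec.partition(" ")
    if kind == "any":
        return True
    if kind == "host":
        return addr == ipaddress.ip_address(arg)
    if kind == "alias":
        return any(addr in ipaddress.ip_network(n) for n in ALIASES[arg])
    raise ValueError(f"unknown destination spec: {spec}")


def service_matches(spec, proto, port):
    """Match protocol and destination port against a service name or tuple."""
    if spec == "any":
        return True
    p, lo, hi = SERVICES[spec] if isinstance(spec, str) else spec
    return proto == p and lo <= port <= hi


def evaluate(policy, dst_ip, proto, port):
    """Return (action, position); position 0 is the implicit final deny."""
    for pos, (dest, svc, action) in enumerate(policy, start=1):
        if dest_matches(dest, dst_ip) and service_matches(svc, proto, port):
            return action, pos
    return "deny", 0


def move_internal_deny_first(policy):
    """Same rules, but with the Internal-Network deny moved to position 1."""
    deny = [r for r in policy if r[0] == "alias Internal-Network"]
    return deny + [r for r in policy if r[0] != "alias Internal-Network"]


if __name__ == "__main__":
    for flow in [(DNS1, "udp", 53), ("10.2.3.4", "tcp", 445), ("203.0.113.7", "tcp", 443)]:
        print(flow, evaluate(INTERNET_ONLY, *flow))
    print("reordered DNS:", evaluate(move_internal_deny_first(INTERNET_ONLY), DNS1, "udp", 53))
```

With the slide's ordering, DNS to the internal servers is permitted at rule 3 before the Internal-Network deny at rule 5; moving that deny to the top blocks the same DNS query at rule 1.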

Security Configuration of the ARUBA Wireless Controller

A user role determines each user's access privileges:
- Every role must be bound to one or more policies
- Firewall policies are applied in order
- The final, implicit default policy is "deny all"
- Bandwidth limits and session-count limits can be set per role

Roles can be assigned in several ways:
- Default role based on the access authentication method (e.g. 802.1x, VPN, WEP, etc.)
- User role derived from the authentication server (e.g. RADIUS/LDAP attributes)
- Locally derived rules: ESSID, MAC, Encryption type, etc.

Every user on an ARUBA controller is assigned a role!

    (Aruba800) #show rights

    RoleTable
    ---------
    Name              ACL  Bandwidth                 ACL List                                                                                                   Type
    ----              ---  ---------                 --------                                                                                                   ----
    ap-role           4    Up: No Limit,Dn: No Limit control,ap-acl                                                                                             System
    authenticated     39   Up: No Limit,Dn: No Limit allowall,v6-allowall                                                                                       User
    default-vpn-role  37   Up: No Limit,Dn: No Limit allowall,v6-allowall                                                                                       User
    guest             3    Up: No Limit,Dn: No Limit http-acl,https-acl,dhcp-acl,icmp-acl,dns-acl,v6-http-acl,v6-https-acl,v6-dhcp-acl,v6-icmp-acl,v6-dns-acl  User
    guest-logon       6    Up: No Limit,Dn: No Limit logon-control,captiveportal                                                                                User
    logon             1    Up: No Limit,Dn: No Limit logon-control,captiveportal,vpnlogon,v6-logon-control                                                      User
    stateful-dot1x    5    Up: No Limit,Dn: No Limit                                                                                                            System
    voice             38   Up: No Limit,Dn: No Limit sip-acl,noe-acl,svp-acl,vocera-acl,skinny-acl,h323-acl,dhcp-acl,tftp-acl,dns-acl,icmp-acl                User

    (Aruba800) #show rights authenticated

    Derived Role = authenticated
     Up BW:No Limit   Down BW:No Limit
     L2TP Pool = default-l2tp-pool
     PPTP Pool = default-pptp-pool
     Periodic reauthentication: Disabled
     ACL Number = 39/0
     Max Sessions = 65535

    access-list List
    ----------------
    Position  Name         Location
    --------  ----         --------
    1         allowall
    2         v6-allowall

    allowall
    --------
    Priority  Source  Destination  Service  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan
    --------  ------  -----------  -------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------
    1         any     any          any      permit                           Low

    v6-allowall
    -----------
    Priority  Source  Destination  Service  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan
    --------  ------  -----------  -------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------
    1         any     any          any      permit                           Low

    Expired Policies (due to time constraints) = 0

Defining a user role:

    (Aruba800) (config) #user-role visitors
    (Aruba800) (config-role) #access-list session internet-only
    (Aruba800) (config-role) #max-sessions 100
    (Aruba800) (config-role) #exit
    (Aruba800) (config) #

Default role assignment based on the access authentication method:

    (Aruba800) (config) #show aaa profile default

    AAA Profile default
    -------------------
    Parameter                            Value
    ---------                            -----
    Initial role                         logon
    MAC Authentication Profile           N/A
    MAC Authentication Default Role      guest
    MAC Authentication Server Group      default
    802.1X Authentication Profile        N/A
    802.1X Authentication Default Role   guest
    802.1X Authentication Server Group   N/A
    RADIUS Accounting Server Group       N/A
    XML API server                       N/A
    RFC 3576 server                      N/A
    User derivation rules                N/A
    Wired to Wireless Roaming            Enabled
    SIP authentication role              N/A

    (Aruba800) (config) #show aaa authentication captive-portal default

    Captive Portal Authentication Profile default
    ---------------------------------------------
    Parameter                                     Value
    ---------                                     -----
    Default Role                                  guest
    Server Group                                  default
    Redirect Pause                                10 sec
    User Login                                    Enabled
    Guest Login                                   Disabled
    Logout popup window                           Enabled
    Use HTTP for authentication                   Disabled
    Logon wait minimum wait                       5 sec
    Logon wait maximum wait                       10 sec
    logon wait CPU utilization threshold          60 %
    Max Authentication failures                   0
    Show FQDN                                     Disabled
    Use CHAP (non-standard)                       Disabled
    Sygate-on-demand-agent                        Disabled
    Login page                                    /auth/index.html
    Welcome page                                  /auth/welcome.html
    Show Welcome Page                             Yes
    Adding switch ip address in redirection URL   Disabled

Security Configuration of the ARUBA Wireless Controller (continued)

Role assignment based on rules applied to server-returned attributes:

    (Aruba800) (config) #aaa server-group test
    (Aruba800) (Server Group test) #set role condition memberOf contains student set-value student

Note: assigning user roles on the basis of user attributes retrieved from an LDAP server can only be configured through the CLI.

Role assignment based on user-defined rules:

    (Aruba800) (config) #aaa derivation-rules user test_rule
    (Aruba800) (user-rule) #set role condition encryption-type equals dynamic-aes set-value authenticated position 1
    (Aruba800) (user-rule) #set role condition encryption-type equals dynamic-tkip set-value guest position 2

CONFIDENTIAL Copyright 2009. Aruba Networks, Inc. All rights reserved

Blacklisting Clients

What Is Blacklisting?

- Deauthenticated from the network: if a client is connected to the network when it is blacklisted, a deauthentication message is sent to force the client to disconnect.
- Blocked from associating to APs: blacklisting prevents a client from associating with any AP in the network for a specified amount of time.
- Blocked from other SSIDs: while blacklisted, the client cannot associate with another SSID in the network.

Methods Of Blacklisting

- Manual blacklist: an admin user can blacklist a specific client via the clients screen at Monitoring > Clients.
- Firewall policy: a firewall policy can result in the client being blacklisted.
- Fails to authenticate: a client fails to successfully authenticate for a configured number of times for a specified authentication method. The client is automatically blacklisted.
- IDS attack: the detection of a denial of service or man in the middle (MITM) attack in the network.

Duration Of Blacklisting

- Blacklist duration is set on a per-SSID basis
- Configured in the Virtual AP Profile

Rule based Blacklisting

Configuration - Access control - Policies

Configuring Firewall Policy Blacklisting

- This rule set is used to blacklist clients attaching to the controller IP address

Viewing Blacklist Clients

Monitoring > Blacklist Clients

- This screen allows clients to be put back into production/logon roles by removing them from the blacklist

Considerations When Blacklisting Clients

- Policy enforcement
- Devices with weak encryption
- Deny Guest from corporate access
- May be disruptive to employees

Bandwidth Contracts

- Applied to Roles
- Specified in Kbps or Mbps
- Upstream - Downstream
- For all Users or Per User

Apply BW-Contract To The Role

Configuring the ARUBA Wireless Controller: Wireless Configuration

Wireless Configuration of the ARUBA Wireless Controller

Profile hierarchy diagram labels: AP Group; Wireless LAN; RF Management; AP; QoS; IDS; Virtual AP (Properties, SSID, AAA, VLAN), shown twice; a/g Radio Settings; RF Optimizations; System Profile; Ethernet; Regulatory; SNMP; VoIP; a/g Management

Key points when configuring a WLAN service:

- Encryption method: ensures the privacy of data while it is transmitted over the air. The choices are no encryption (open), layer 2 encryption (WEP, TKIP, AES) or layer 3 encryption (VPN).
- Authentication method: ensures that every user who joins the wireless network is a legitimate user. The choices are no authentication, or MAC, EAP, captive portal, VPN and other authentication methods.
- Access control: effectively controls the traffic of legitimate users on the wireless network, including the network resources they can reach, bandwidth, time and so on.

Diagram labels: SSID Profile, AAA Profile, Role

    (Aruba800) #show wlan virtual-ap default

    Virtual AP profile default
    --------------------------
    Parameter                              Value
    ---------                              -----
    Virtual AP enable                      Enabled
    Allowed band                           all
    SSID Profile                           default
    VLAN                                   100
    Forward mode                           tunnel
    Deny time range                        N/A
    Mobile IP                              Enabled
    HA Discovery on-association            Disabled
    DoS Prevention                         Disabled
    Station Blacklisting                   Enabled
    Blacklist Time                         3600 sec
    Authentication Failure Blacklist Time  3600 sec
    Fast Roaming                           Disabled
    Strict Compliance                      Disabled
    VLAN Mobility                          Disabled
    AAA Profile                            default
    Remote-AP Operation                    standard

Defining an SSID profile:

    (Aruba800) (config) #wlan ssid-profile test
    (Aruba800) (SSID Profile "test") #essid test     (the SSID name the WLAN displays)
    (Aruba800) (SSID Profile "test") #opmode ?       (the encryption modes the WLAN can use)
    dynamic-wep    WEP with dynamic keys
    opensystem     No encryption
    static-wep     WEP with static keys
    wpa-aes        WPA with AES encryption and dynamic keys using 802.1X
    wpa-psk-aes    WPA with AES encryption using a pre-shared key
    wpa-psk-tkip   WPA with TKIP encryption using a pre-shared key
    wpa-tkip       WPA with TKIP encryption and dynamic keys using 802.1X
    wpa2-aes       WPA2 with AES encryption and dynamic keys using 802.1X
    wpa2-psk-aes   WPA2 with AES encryption using a pre-shared key
    wpa2-psk-tkip  WPA2 with TKIP encryption using a pre-shared key
    wpa2-tkip      WPA2 with TKIP encryption and dynamic keys using 802.1X
    xSec           xSec encryption
    (Aruba800) (SSID Profile "test") #opmode opensystem

Defining an AAA profile

Configure an AAA profile for open access:

    (Aruba800) (config) #aaa profile test
    (Aruba800) (AAA Profile test) #clone default

Configure a captive portal profile for portal authentication:

    (Aruba800) (config) #aaa authentication captive-portal test
    (Aruba800) (Captive Portal Authentication Profile test) #clone default
    (Aruba800) (Captive Portal Authentication Profile test) #default-role guest
    (Aruba800) (Captive Portal Authentication Profile test) #no enable-welcome-page
    (Aruba800) (Captive Portal Authentication Profile test) #server-group test

Configure the LDAP server:

    (Aruba800) (config) #aaa authentication-server ldap test
    (Aruba800) (LDAP Server test) # host 0
    (Aruba800) (LDAP Server test) #admin-dn admin
    (Aruba800) (LDAP Server test) #admin-passwd admin
    (Aruba800) (LDAP Server test) #base-dn cn=users,dc=qa,dc=domain,dc=com
    (Aruba800) (LDAP Server test) #allow-cleartext
    (Aruba800) (LDAP Server test) #

Configure the server group:

    (Aruba800) (config) #aaa server-group test
    (Aruba800) (Server Group test) #auth-server test
    (Aruba800) (Server Group test) #set role condition memberOf contains guest set-value guest

    (Aruba800) (config) #show aaa server-group test

    Fail Through:No

    Auth Servers
    ------------
    Name  Server-Type  trim-FQDN  Match-Type  Match-Op  Match-Str
    ----  -----------  ---------  ----------  --------  ---------
    test  Ldap         No

    Role/VLAN derivation rules
    --------------------------
    Priority  Attribute  Operation  Operand  Type    Action    Value  Valid
    --------  ---------  ---------  -------  ----    ------    -----  -----
    1         memberOf   contains   guest    String  set role  guest  No

Reference the captive portal profile in the users' initial role:

    (Aruba800) (config) #user-role logon
    (Aruba800) (config-role) #captive-portal test
    (Aruba800) (config
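Added example (not from the original slides): a Python model of the server-group derivation rules shown in this deck (`set role condition memberOf contains student ...` and `... contains guest ...`), illustrating that `contains` is a substring test on the whole memberOf value and how an `equals` rule on the full group DN narrows it. The group DNs are constructed, and first-match ordering, case-sensitive comparison and the `guest` fallback role are modelling assumptions.

```python
# Constructed directory data under the base-dn used in the slides.
BASE = "cn=users,dc=qa,dc=domain,dc=com"
GROUPS = [f"cn={name},{BASE}" for name in
          ("student", "student-applicants", "nonstudent-contractors", "staff")]
STUDENT_DN = GROUPS[0]

# Operations as they appear in the slides' rules (assumed case-sensitive).
OPS = {
    "contains": lambda value, operand: operand in value,
    "equals": lambda value, operand: value == operand,
}

# (attribute, operation, operand, role), mirroring
# "set role condition <attr> <op> <operand> set-value <role>".
SLIDE_RULE = ("memberOf", "contains", "student", "student")
STRICT_RULE = ("memberOf", "equals", STUDENT_DN, "student")


def derive_role(rules, attrs, default_role):
    """Return the role of the first rule that matches any attribute value."""
    for attr, op, operand, role in rules:
        if any(OPS[op](value, operand) for value in attrs.get(attr, [])):
            return role
    return default_role


def unintended_matches(rule, group_dns, intended_dn):
    """List directory groups, other than the intended one, that trigger the rule."""
    _attr, op, operand, _role = rule
    return [dn for dn in group_dns
            if dn != intended_dn and OPS[op](dn, operand)]


if __name__ == "__main__":
    contractor = {"memberOf": [GROUPS[2]]}
    print("contains rule:", derive_role([SLIDE_RULE], contractor, "guest"))
    print("equals rule:  ", derive_role([STRICT_RULE], contractor, "guest"))
    print("over-broad for:", unintended_matches(SLIDE_RULE, GROUPS, STUDENT_DN))
```

Running `unintended_matches` over an export of the directory's real group DNs before deploying a `contains` rule shows which other groups would receive the role.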
