JYXSJD-cfg# show running-config
!version AMTT ACS Software v2.65.4
!
hostname JYXSJD
dns primary 202.102.224.68
dns secondary 202.102.227.68
dns cache-size 512
!
no service telnet-login enable
service web-admin enable
service web-adminonly-https
service web-admin super-user wadmin secret $1$hNGM4wZt$BBdnxeWkpSiOeH05Z/okW0
service audit-log above-enable
no service syslog-export
service timezoneShanghai
service ntp-sync cn.pool.ntp.org
!
interface eth0
mode common-ip
ip address 123.7.17.124 255.255.255.0
link-mode auto
end
interface eth1
mode access-ctrl
ip address 172.31.16.1 255.255.248.0
vlan-tag 2101 2107
vlan-tag 2501 2506
vlan-tag 2507 2516
vlan-tag 2888
vlan-tag 3201 3208
vlan-tag 3301 3305
vlan-tag 3306 3317
vlan-tag 3508 3511
vlan-tag 3501 3507
vlan-tag 3512 3520
vlan-tag 3608 3611
vlan-tag 3601 3607
vlan-tag 3612 3619
vlan-tag 3666
vlan-tag 301 wlan
vlan-tag 2301 2320
link-mode auto
end
interface eth2
mode common-ip
ip address 172.31.14.1 255.255.255.0
link-mode auto
end
!
route default 123.7.17.254
!
radius server 172.31.14.2amtium 后面一定要命名
radius udp-port 1812 1813
radius timeout 5 retry 3
radius nas-ip-address 172.31.14.2
radius nas-identifier XINYANG 在申请短信的时候,李东成会给你一个内部的ID号,把那个配置在这两个地方
radius called-station-idXINYANG 在申请短信的时候,李东成会给你一个内部的ID号,把那个配置在这两个地方
radius vsa-encapsulation
radius enable
!
no radius admin-aaa enable
!
pnp interface eth1
pnp enable
pnp dns-redirect only-pnp
pnp smtp-server 172.31.14.2
no pnp auto-smtp-redirect
pnp non-portal global
!
access-ctrl network 172.31.16.0 255.255.248.0
access-ctrl rate-limit102400 102400 1
access-ctrl keep-alive 60 180
access-ctrl idle-timeout 15 1
access-ctrl connection-limit1024
access-ctrl local-connection-limit 32
access-ctrl spam-threshold 5 300 30
access-ctrl anti-spam-level normal
access-ctrl anti-dos enable
access-ctrl dos-threshold 6 50 36
access-ctrl user-isolation
no access-ctrl deny-admin-login
!
access-ctrl walled-garden network 172.31.14.2 255.255.255.255 rate-limit102400 102400
!
portal https-redirect enable
portal icmp-redirect enable
no portal accept-and-pass global
portalhome-url http://baidui.com
portal redirect-home-url
portal login-result-page auto
no portal self-help-domain
!
portal vlan authentication 2101 2107
portal vlan authentication 2501 2506
portal vlan authentication 2507 2516
portal vlan authentication 2888
portal vlan authentication 3201 3208
portal vlan authentication 3301 3305
portal vlan authentication 3306 3317
portal vlan authentication 3508 3511
portal vlan authentication 3501 3507
portal vlan authentication 3512 3520
portal vlan authentication 3608 3611
portal vlan authentication 3601 3607
portal vlan authentication 3612 3619
portal vlan authentication 3666
portal vlan authentication 2301 2320
portal vlan public-roaming 301 force-mac-auth
!
portal policy port 1404
portal policy timeout 60
no portal policy strict-mac-roaming
portal policy enable
portal policy guest-table enable
!
portal wispr-gis server 112.64.161.133 amtium
portal wispr-gis url https://service.amttgroup.com/wispr/login.php
portal wispr-gis location-name WISPr Site
no portal wispr-gis enable
!
no portal ads-push enable
portal ads-push timeout 30
portal ads-push frame-height 38
portal ads-push disconnect-warn 5
portal ads-push ignore public-ip-users
!
conn-track tcp-timeout 900
conn-track udp-timeout 180
conn-track icmp-timeout 30
conn-track max-limit 81920
!
nat eth0 map 172.254.254.0/23 123.7.17.124
nat eth0 map 172.31.14.0/24 123.7.17.124
nat eth0 redirect tcp 123.7.17.124 62222 172.31.14.2 22
nat eth0 redirect tcp 123.7.17.124 7070 172.31.14.2 443
nat eth0 map 172.31.16.0/21 123.7.17.124
!
vpool auto-allocate ike
vpool auto-allocate pptp
no vpool uni-direction
!
dhcp lease 3600
dhcp pnp-dns-suffix
dhcp interface eth1
dhcp pool 172.31.16.2 172.31.23.254 255.255.248.0 172.31.16.1
!
mac-vlan mac-limit-per-vlan global 512
mac-vlan mac-limit-per-vlan wlan 2048
!
snmp communityamttroread Hinos要改,及交换机要添加这条命令
snmp communityamttrwwrite
snmp trap host 172.31.14.2 community amttrw v2c
!
qos http-bulk-content 8
qos fuzzy-p2p-dfi
no qos rsvb-per-user
!
qos eth0 htb-shaping 120M
qos eth0 channel 1 committed-rate 80M ceiling-rate 100M priority 3
qos eth0 channel 2 committed-rate 20M ceiling-rate 100M priority 4
!
enable secret $1$7PxM3Y2V$rx.yzuzDjNobb2tV6pnbx0
!
user name amtium password XingSheJiuDian@2019
user name admin password JianYeXingShe@2019
!
traffic-log enable
traffic-log max-pps-limit 1024
traffic-log server 172.31.14.2 1818
no traffic-log http-user-id enable
no traffic-log extract-url enable
traffic-log ignore non-established-tcp
traffic-log ignore dns
traffic-log ignore netbios
!
black-mac auto-detect enable 黑名单要开启
black-mac threshold 60 6 6 1500
black-mac timeout 180
!
terminal timeout 30
!
bwstat interface eth0
!
no dynamic-bw-share enable
no dynamic-bw-share mark-qos-id
!
no local-user authentication enable
local-user session-timeout 1440
local-user iphone-auto-pass-timeout 0
!
vlan-user authentication radius
no vlan-user canonical-number
vlan-user name 8101 tag 2101 number 8
vlan-user name 8501 tag 2501 number 5
vlan-user name 8507 tag 2507 number 8
vlan-user name 6201 tag 3201 number 7
vlan-user name 6301 tag 3301 number 4
vlan-user name 6306 tag 3306 number 10
vlan-user name 6508 tag 3508 number 4
vlan-user name 6501 tag 3501 number 6
vlan-user name 6512 tag 3512 number 7
vlan-user name 6608 tag 3608 number 4
vlan-user name 6601 tag 3601 number 6
vlan-user name 6612 tag 3612 number 6
vlan-user name 6666 tag 3666
vlan-user name 8888 tag 2888
vlan-user name 8301 tag 2301 number 16
!
