AR121配置PPPoE、IPSec

图例

配置步骤

sysname AR121 #设备命名
vlan 10 #业务vlan
vlan 100 #AP管理vlan
#
dhcp enable #开启DHCP服务
#
interface Vlanif 10 #为vlan10分配地址
 ip address 10.1.1.254 255.255.255.0
 dhcp select interface
 dhcp server dns-list 202.106.0.20
#
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 202.106.0.20
#
dialer-rule #永久链接的pppoe
 dialer-rule 1 ip permit #无需配置拨号规则dialer-rule
#
interface Dialer1 #创建DCC的dialer 1 接口
 link-protocol ppp #链路封装协议ppp
ip address ppp-negotiate #ip地址为自动协商
 ppp chap user 03312311233
 ppp chap password cipher admin@123
 ppp pap local-user 03312311233 password cipher admin@123
 dialer-group 1 #用流量触发拨号
#          
interface GigabitEthernet0/0/1
 pppoe-client dial-bundle-number 1
#
acl number 3001  #此ACL为IPSec创建
 description IPsec
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
acl number 3002  #此ACL为NAT所使用
 description NAT
 rule 5 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
 rule 10 permit ip   
#
interface Dialer1
 dialer bundle 1#绑定物理接口
 nat outbound 3002      
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1 #缺省路由扔向外网
#
capwap source interface vlanif100  
#
interface GigabitEthernet0/0/2
 description To-AP4030
 port link-type trunk
 port trunk pvid vlan 100
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 100  
#
interface Wlan-Ess1
 port hybrid pvid vlan 10
 undo port hybrid vlan 1                  
 port hybrid tagged vlan 10  
#
wlan ac
 ap id 1 type-id 43 mac 9c50-ee4a-0160 sn 21500826412SGB918863
 security-profile name default id 0
  security-policy wpa2
  wpa2 authentication-method psk pass-phrase cipher 12345678
 service-set name default id 0
  max-user-number 128
  wlan-ess 1
  ssid WIFI-OFFICE
  service-vlan 10
  security-profile id 0
 ap 1 radio 1
  radio-profile id 0
  channel 20MHz 36
  service-set id 0 wlan 1          
#
ipsec proposal Center
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 encryption-algorithm 3des-cbc
 dh group2
 authentication-algorithm sha1
 prf hmac-sha2-256
#                                         
ike peer Center-ike
 pre-shared-key cipher huawei@123
 ike-proposal 1
 remote-address 123.126.109.1
#
ipsec policy ipsec_map 1 isakmp
 security acl 3001
 ike-peer  Center-ike
 proposal Center
#
interface Dialer1
 ipsec policy ipsec_map  
#
return