ARUBA

Admin帐号管理(Aruba800)(config)#mgmt-useradminroot查看并保存控制器软件许可(Aruba200)#showlicenseverbose恢复控制器出厂配置(Aruba200)#writeeraseall添加控制器软件许可(Aruba200)#licenseaddXw2K4EGT-qWpz5YLM-Ouw7wpRt-kQPUrJMM-x8fB27hP-1ZgPleasereloadtheswitchforthenewservicekeytotakeeffect.(Aruba200)#licenseaddWnm8I0AK-bhAPAsim-pd8gS573-oJ4YHCWG-5ghonB8G-x8wPleasereloadtheswitchforthenewservicekeytotakeeffect.防火墙策略：一组按照特定次序排列的规则的集合用户角色（Role）决定了每个用户的访问权限•每一个role都必须与一个或多个policy绑定•防火墙策略按次序执行•最后一个隐含的缺省策略是“denyall”•可以设定role的带宽限制和会话数限制用户角色（Role）的分配可以通过多种方式实现•基于接入认证方式的缺省角色(i.e.802.1x,VPN,WEP,etc.)•由认证服务器导出的用户角色(i.e.RADIUS/LDAP属性)•本地导出规则•ESSID•MAC•Encryptiontype•Etc.ARUBA控制器中的每一个用户都会被分配一个Role!查看安全配置(Aruba800)#showrights(Aruba800)#showrightsauthenticated定义用户角色（role）(Aruba800)(config)#user-rolevisitors(Aruba800)(config-role)#access-listsessioninternet-only(Aruba800)(config-role)#max-sessions100(Aruba800)(config-role)#exit基于接入认证方式的缺省角色（role）分配(Aruba800)(config)#showaaaprofiledefault(Aruba800)(config)#showaaaauthenticationcaptive-portaldefault基于用户定义规则的角色（role）分配(Aruba800)(config)#aaaderivation-rulesusertest_rule(Aruba800)(user-rule)#setroleconditionencryption-typeequalsdynamic-aesset-valueauthenticatedposition1(Aruba800)(user-rule)#setroleconditionencryption-typeequalsdynamic-tkipset-valueguestposition2查看wlanvirtual-ap(Aruba800)#showwlanvirtual-apdefaultSSIDProfile的定义(Aruba800)(config)#wlanssid-profiletest(Aruba800)(SSIDProfile“test”)#essidtest（WLAN显示的SSID名称）(Aruba800)(SSIDProfile“test”)#opmode?（WLAN可以选用的加密方式）dynamic-wepWEPwithdynamickeysopensystemNoencryptionstatic-wepWEPwithstatickeyswpa-aesWPAwithAESencryptionanddynamickeysusing802.1Xwpa-psk-aesWPAwithAESencryptionusingapre-sharedkeywpa-psk-tkipWPAwithTKIPencryptionusingapre-sharedkeywpa-tkipWPAwithTKIPencryptionanddynamickeysusing802.1Xwpa2-aesWPA2withAESencryptionanddynamickeysusing802.1Xwpa2-psk-aesWPA2withAESencryptionusingapre-sharedkeywpa2-psk-tkipWPA2withTKIPencryptionusingapre-sharedkeywpa2-tkipWPA2withTKIPencryptionanddynamickeysusing802.1XxSecxSecencryptioncr(Aruba800)(SSIDProfile“test”)#opmodeopensystem配置LDAP服务器(Aruba800)(config)#aaaauthentication-serverldaptest(Aruba800)(LDAPServertest)#host10.10.10.10(Aruba800)(LDAPServertest)#admin-dnadmin(Aruba800)(LDAPServertest)#admin-passwdadmin(Aruba800)(LDAPServertest)#base-dncn=users,dc=qa,dc=domain,dc=com(Aruba800)(LDAPServertest)#allow-cleartext(Aruba800)(LDAPServertest)#exit配置Radius服务器(Aruba800)(config)#aaaauthentication-serverradiustest(Aruba800)(RADIUSServertest)#host10.10.10.10(Aruba800)(RADIUSServertest)#key123456(Aruba800)(RADIUSServertest)#exit对Radius服务器进行测试(Aruba800)#aaatest-servermschapv2Radius-Server-NameUsernamePassword配置Server-Group(Aruba800)(config)#aaaserver-grouptest(Aruba800)(ServerGrouptest)#auth-servertest(Aruba800)(ServerGrouptest)#setroleconditionmemberOfcontainsguestset-valueguest(Aruba800)(config)#showaaaserver-grouptest