10 Copyright © 2009, Juniper Networks, Inc.
APPLICATION NOTE - Configuring and Deploying the AX411 Wireless Access Point
#DHCP Server cong. A dierent pool per interface is used
set system services dhcp name-server 4.2.2.2
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1
set system services dhcp pool 192.168.2.0/24 address-range low 192.168.2.2
set system services dhcp pool 192.168.2.0/24 address-range high 192.168.2.254
set system services dhcp pool 192.168.2.0/24 router 192.168.2.1
set system services dhcp pool 192.168.3.0/24 address-range low 192.168.3.2
set system services dhcp pool 192.168.3.0/24 address-range high 192.168.3.254
set system services dhcp pool 192.168.3.0/24 router 192.168.3.1
#Interface congurations
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/2 unit 0 family inet address 192.168.2.1/24
set interfaces ge-0/0/3 unit 0 family inet address 192.168.3.1/24
#Security Zones and policies conguration.
#An intra-zone policy is added to allow traic between clients connected to
dierent APs
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone CorpNet interfaces ge-0/0/1.0
set security zones security-zone CorpNet interfaces ge-0/0/1.0 host-inbound-
traic system-services dhcp
set security zones security-zone CorpNet interfaces fe-0/0/2.0
set security zones security-zone CorpNet interfaces fe-0/0/2.0 host-inbound-
traic system-services dhcp
set security zones security-zone CorpNet interfaces fe-0/0/3.0
set security zones security-zone CorpNet interfaces fe-0/0/3.0 host-inbound-
traic system-services dhcp
set security policies from-zone CorpNet to-zone CorpNet policy permit-egress-
traic match source-address any
set security policies from-zone CorpNet to-zone CorpNet policy permit-egress-
traic match destination-address any
set security policies from-zone CorpNet to-zone CorpNet policy permit-egress-
traic match application any
set security policies from-zone CorpNet to-zone CorpNet policy permit-egress-
traic then permit
set security policies from-zone CorpNet to-zone untrust policy allow-internet-
access match source-address any
set security policies from-zone CorpNet to-zone untrust policy allow-internet-
access match destination-address any
set security policies from-zone CorpNet to-zone untrust policy allow-internet-
access match application any
set security policies from-zone CorpNet to-zone untrust policy allow-internet-
access then permit
#APs conguration. The APs cong is identical to the one in our previous example
set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40
set wlan access-point AP-1 access-point-options country US
set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid CorpNet
set wlan access-point AP-1 radio 1 virtual-access-point 0 security none
set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid CorpNet
set wlan access-point AP-1 radio 2 virtual-access-point 0 security none
#AP-2
set wlan access-point AP-2 mac-address 00:12:cf:c5:4b:40
(32 strony)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji