Zyxel NXC2500 Настройка

pdf files zyxel

1.2 Basic interface setting
1.2.1 Remove ge1 from vlan0

1.2.2 Set ge1 interface type to External and get IP address automatically.

1.2.3 Enable DHCP server in vlan0, IP pool address starts from 192.168.1.200, pool size 20.

Configure policy route to let LAN access internet

In Configuration > Network > Routing, add a policy route.

1.4 Configure AP Profile
1.4.1 In Configuration > Object > AP Profile > SSID

1.4.2 In Configuration > Object > AP Profile > SSID > Security List

1.4.3 In Configuration > Object > AP Profile > Radio > Edit, choose the configured SSID profile.


! saved at 2014-08-29 15:03:28
! model: NXC2500
! firmware version: 4.10(AAIG.3)
!
! Configuration export of the controller. The interface-name lines map each
! port name to itself (ge1..ge6), i.e. no port has been renamed.
interface-name ge1 ge1
interface-name ge2 ge2
interface-name ge3 ge3
interface-name ge4 ge4
interface-name ge5 ge5
interface-name ge6 ge6
!
! Local administrator account (user-type admin).
! The encrypted-password value is a stored credential and it is published here
! with the rest of the export: treat it as exposed, set a new admin password on
! any device loaded from this file, and redact this field before sharing an
! export.
! NOTE(review): logon-lease-time 30 and logon-re-auth-time 0 look like session
! timers; units and the meaning of 0 are not shown here - confirm in the CLI
! reference.
username admin encrypted-password $4$4lWyp5gj$fRCiM+TJ8ar/TIktaRHtNmZIGAHrOKd57PWDpE0+4lcVcoSHTEMsm13u8ZU20za3tgBi0YNatwsLSZXdaBz58KL6kDy6dEh9PwKxmjD+1hA$ user-type admin
username admin description Administration account
username admin logon-lease-time 30
username admin logon-re-auth-time 0
!
! DHCP pool for the LAN: network 192.168.11.0/24, gateway 192.168.11.1,
! 20 addresses starting at 192.168.11.2, DNS 8.8.8.8. The pool is attached to
! vlan0 by the "ip dhcp-pool Network_Pool_VLAN0" line in the vlan0 section.
! NOTE(review): the walkthrough text says the pool starts at 192.168.1.200;
! this export uses 192.168.11.0/24 instead - use your own addressing plan.
! NOTE(review): clients are pointed straight at a public resolver, so DNS
! queries bypass any local resolver, filter or log - confirm this is intended.
! NOTE(review): "lease 1 0 0" is presumably days/hours/minutes - confirm.
ip dhcp pool Network_Pool_VLAN0
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
starting-address 192.168.11.2 pool-size 20
lease 1 0 0
first-dns-server 8.8.8.8
!
! ge1 is the uplink: type external, address obtained by DHCP (step 1.2.2 of
! the walkthrough).
! NOTE(review): upstream/downstream 1048576 are presumably bandwidth values in
! kbps - confirm.
interface ge1
type external
pvid 1
ip address dhcp metric 0
upstream 1048576
downstream 1048576
mtu 1500
!
! ge2..ge6 are internal ports, all with port VLAN ID 1.
interface ge2
type internal
pvid 1
!
interface ge3
type internal
pvid 1
!
interface ge4
type internal
pvid 1
!
interface ge5
type internal
pvid 1
!
interface ge6
type internal
pvid 1
!
! vlan0 (VLAN ID 1) joins ge2..ge6 untagged and carries the LAN gateway
! address 192.168.11.1/24; ge1 is not a member (step 1.2.1). A ping-check is
! defined but switched off by "no ping-check activate".
! NOTE(review): everything on ge2..ge6 shares this one untagged segment, and
! the SSID profile uses "data-forward localbridge", so wireless clients are
! presumably bridged into the same segment that reaches the controller's
! management address - consider a separate VLAN for client traffic.
interface vlan0
vlanid 1
join ge2 untag
join ge3 untag
join ge4 untag
join ge5 untag
join ge6 untag
ip address 192.168.11.1 255.255.255.0
ping-check default-gateway method icmp period 30 timeout 5 fail-tolerance 5
no ping-check activate
ip dhcp-pool Network_Pool_VLAN0
!
! LAN_SUBNET is defined from the subnet of interface vlan0.
address-object LAN_SUBNET interface-subnet vlan0
!
! Named service definitions (protocol / port). A service-object only gives a
! name to a protocol or port; nothing in these lines permits or blocks traffic.
! NOTE(review): this looks like the stock list shipped with the firmware -
! confirm before pruning it.
! Points to check before using these names in rules (match on the port, not
! the name):
!  - SFTP is tcp/115 here; SSH file transfer runs over tcp/22 (SSH_TCP).
!  - GRE and PPTP_TUNNEL are both IP protocol 47; AIM and NEW_ICQ are both
!    tcp/5190.
!  - RCMD is tcp/512 and REXEC is tcp/514, while IANA registers 512 as exec
!    and 514 as shell.
!  - NEWS is tcp/144 while NNTP is tcp/119.
!  - TELNET, FTP, TFTP, RLOGIN, HTTP, SNMP and SYSLOG are cleartext protocols.
service-object Any_UDP udp range 1 65535
service-object Any_TCP tcp range 1 65535
service-object AH protocol 51
service-object AIM tcp eq 5190
service-object NEW_ICQ tcp eq 5190
service-object AUTH tcp eq 113
service-object BGP tcp eq 179
service-object BOOTP_CLIENT udp eq 68
service-object BOOTP_SERVER udp eq 67
service-object CAPWAP-CONTROL udp eq 5246
service-object CAPWAP-DATA udp eq 5247
service-object CU_SEEME_TCP1 tcp eq 7648
service-object CU_SEEME_TCP2 tcp eq 24032
service-object CU_SEEME_UDP1 udp eq 7648
service-object CU_SEEME_UDP2 udp eq 24032
service-object DNS_TCP tcp eq 53
service-object DNS_UDP udp eq 53
service-object ESP protocol 50
service-object FINGER tcp eq 79
service-object FTP tcp range 20 21
service-object GRE protocol 47
service-object H323 tcp eq 1720
service-object HTTP tcp eq 80
service-object HTTPS tcp eq 443
service-object ICQ udp eq 4000
service-object IKE udp eq 500
service-object IMAP4 tcp eq 143
service-object IMAP4S tcp eq 993
service-object IP6to4 protocol 41
service-object IRC_TCP tcp eq 6667
service-object IRC_UDP udp eq 6667
service-object MSN tcp eq 1863
service-object MULTICAST protocol 2
service-object NEWS tcp eq 144
service-object NetBIOS_TCP1 tcp range 137 139
service-object NetBIOS_TCP2 tcp eq 445
service-object NetBIOS_UDP1 udp range 137 139
service-object NetBIOS_UDP2 udp eq 445
service-object NFS udp eq 2049
service-object NNTP tcp eq 119
service-object NTP udp eq 123
service-object PING icmp echo
service-object POP3 tcp eq 110
service-object POP3S tcp eq 995
service-object PPTP tcp eq 1723
service-object PPTP_TUNNEL protocol 47
service-object RCMD tcp eq 512
service-object RDP tcp eq 3389
service-object REAL-AUDIO tcp eq 7070
service-object REXEC tcp eq 514
service-object RLOGIN tcp eq 513
service-object ROADRUNNER_TCP tcp eq 1026
service-object ROADRUNNER_UDP udp eq 1026
service-object RTELNET tcp eq 107
service-object RTSP_TCP tcp eq 554
service-object RTSP_UDP udp eq 554
service-object SFTP tcp eq 115
service-object SMTP tcp eq 25
service-object SMTPS tcp eq 465
service-object SNMP_TCP tcp eq 161
service-object SNMP_UDP udp eq 161
service-object SNMP-TRAPS_TCP tcp eq 162
service-object SNMP-TRAPS_UDP udp eq 162
service-object SQL-NET tcp eq 1521
service-object SSDP udp eq 1900
service-object SSH_TCP tcp eq 22
service-object SSH_UDP udp eq 22
service-object STRMWORKS udp eq 1558
service-object SYSLOG udp eq 514
service-object TACACS udp eq 49
service-object TELNET tcp eq 23
service-object TFTP udp eq 69
service-object VDOLIVE tcp eq 7000
service-object VRRP protocol 112
service-object NATT udp eq 4500
service-object RIP udp eq 520
service-object OSPF protocol 89
service-object SIP udp eq 5060
service-object Kerberos-TCP tcp eq 88
service-object MS-RPC tcp eq 135
service-object LDAP-TCP tcp eq 389
service-object LPR tcp eq 515
service-object LDAPS-TCP tcp eq 636
service-object VNC5800 tcp eq 5800
service-object VNC5900 tcp eq 5900
service-object Kerberos-UDP udp eq 88
service-object LDAP-UDP udp eq 389
service-object LDAPS-UDP udp eq 636
service-object L2TP-UDP udp eq 1701
service-object RADIUS-AUTH udp eq 1812
service-object RADIUS-ACCT udp eq 1813
service-object BONJOUR udp eq 5353
!
! Service groups: each object-group bundles the service-objects listed under
! it, so a rule can refer to one name for the TCP and UDP variants together.
object-group service CU-SEEME
service-object CU_SEEME_TCP1
service-object CU_SEEME_TCP2
service-object CU_SEEME_UDP1
service-object CU_SEEME_UDP2
!
object-group service DNS
service-object DNS_TCP
service-object DNS_UDP
!
object-group service IRC
service-object IRC_TCP
service-object IRC_UDP
!
object-group service NetBIOS
service-object NetBIOS_TCP1
service-object NetBIOS_TCP2
service-object NetBIOS_UDP1
service-object NetBIOS_UDP2
!
object-group service ROADRUNNER
service-object ROADRUNNER_TCP
service-object ROADRUNNER_UDP
!
object-group service RTSP
service-object RTSP_TCP
service-object RTSP_UDP
!
object-group service SNMP
service-object SNMP_TCP
service-object SNMP_UDP
!
object-group service SNMP-TRAPS
service-object SNMP-TRAPS_TCP
service-object SNMP-TRAPS_UDP
!
object-group service SSH
service-object SSH_TCP
service-object SSH_UDP
!
! The three Allow_*_To_EnterpriseWLAN groups below are described as "System
! Default". The WAN one lists HTTPS next to AH, ESP, IKE, NATT, GRE and VRRP.
! NOTE(review): no firewall rule that references these groups is visible in
! this export, so it cannot be told from here whether HTTPS to the controller
! is reachable from the ge1 (external) side - check the firewall rules on the
! device and restrict management access to the LAN if it is.
object-group service Allow_WAN_To_EnterpriseWLAN
description System Default Allow From WAN To EnterpriseWLAN
service-object AH
service-object ESP
service-object HTTPS
service-object IKE
service-object NATT
service-object GRE
service-object VRRP
!
object-group service Allow_DMZ_To_EnterpriseWLAN
description System Default Allow From DMZ To EnterpriseWLAN
object-group DNS
object-group NetBIOS
!
object-group service Allow_WLAN_To_EnterpriseWLAN
description System Default Allow From WLAN To EnterpriseWLAN
service-object BOOTP_SERVER
service-object HTTP
service-object HTTPS
object-group DNS
!
! ZyMesh profile. Its psk is the eight-digit string 12345678, stored in clear
! text; replace it with a long random value before the mesh link is used.
zymesh-profile ZyMesh_AP
ssid ZyMesh_ap
psk 12345678
!
! Security profile "default": WPA2 with a pre-shared key. The key is stored in
! clear text, is eight characters long (the WPA2 minimum) and follows a
! keyboard pattern. It is published here together with the SSID it protects,
! so treat it as known: set a new, long random passphrase (up to 63
! characters) on any network built from this file and redact the wpa-psk and
! psk lines before sharing an export.
! NOTE(review): a single shared key for all users cannot be revoked per
! person; if the site has a RADIUS server, per-user authentication is the
! usual alternative - check which modes this firmware offers.
wlan-security-profile default
mode wpa2
wpa-psk 1qazxsw2
!
! SSID profile "default": broadcasts SSID UHSWN, uses the security profile
! named "default" above, bridges client traffic locally at the AP
! (data-forward localbridge) and has band select disabled.
wlan-ssid-profile default
ssid UHSWN
data-forward localbridge
qos wmm
security default
bandselect mode disable
bandselect drop-probe-request 8
bandselect drop-authentication 3
bandselect time-out-period 120
bandselect check-sta-interval 600
bandselect min-sort-interval 300
!
! Monitor profile "default": activated, automatic scan method. It is assigned
! to slot1 of AP B0:B2:DC:71:B3:70 in the capwap section.
wlan-monitor-profile default
activate
scan-method auto
scan-dwell 100
!
! Radio profile "default": AP role, 2.4 GHz 802.11n, fixed channel 6, 20 MHz
! width, carries SSID profile "default", activated.
wlan-radio-profile default
role ap
band 2.4G band-mode 11n
2g-channel 6
ch-width 20m
dtim-period 2
beacon-interval 100
ampdu
limit-ampdu 50000
rssi-dbm -76
rssi-kickout -90
rssi-interval 2
rssi-optype 3
rssi-retrycount 6
rssi-verifytime 10
rssi-privilegetime 300
subframe-ampdu 32
amsdu
limit-amsdu 4096
block-ack
guard-interval short
tx-mask 7
rx-mask 7
output-power -6dB
ssid-profile 1 default
activate
2g-basic-speed 1.0 2.0 5.5 11.0
2g-support-speed 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
2g-mcs-speed 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
!
! Radio profile "default2": AP role, 5 GHz 802.11n, automatic channel width,
! carries the same SSID profile "default" (and therefore the same WPA2 key).
! NOTE(review): unlike "default" this profile has no "activate" line, and it
! still contains "2g-channel 6" although the band is 5G - confirm on the
! device whether the profile is in service and which channel it uses.
wlan-radio-profile default2
role ap
band 5G band-mode 11n
2g-channel 6
ch-width auto
dtim-period 2
beacon-interval 100
ampdu
limit-ampdu 50000
rssi-dbm -76
rssi-kickout -90
rssi-interval 2
rssi-optype 3
rssi-retrycount 6
rssi-verifytime 10
rssi-privilegetime 300
subframe-ampdu 32
amsdu
limit-amsdu 4096
block-ack
guard-interval short
tx-mask 7
rx-mask 7
output-power -0dB
ssid-profile 1 default
!
! Rogue AP detection is activated, with six MAC addresses marked friendly.
! NOTE(review): three of the friendly entries (B0:B2:DC:71:B3:29, ...:B3:23,
! ...:AF:B3) are one above the MAC of a managed AP in the capwap section, so
! they are presumably the radio addresses of the site's own APs; the
! C0:4A:00:... entries are other equipment - confirm what they are.
! These addresses identify real hardware; replace them with your own.
rogue-ap detection
activate
friendly-ap C0:4A:00:E4:31:BF
friendly-ap C0:4A:00:E4:3D:4A
friendly-ap C0:4A:00:E4:3D:E6
friendly-ap B0:B2:DC:71:B3:29
friendly-ap B0:B2:DC:71:B3:23
friendly-ap B0:B2:DC:71:AF:B3
!
! Rogue AP containment is activated. Containment acts on the radio against
! APs classified as rogue, so an AP that is misclassified (for example a
! neighbour's network) would be disrupted as well. Review the classification
! list on the device before leaving this on; detection alone can be kept
! without it.
rogue-ap containment
activate
!
! Dynamic channel selection is activated (every 720, high sensitivity,
! client-aware and DFS-aware).
! NOTE(review): the unit of time-interval is presumably minutes - confirm.
dcs activate
dcs time-interval 720
dcs sensitivity-level high
dcs client-aware enable
dcs dcs-2g-method auto
dcs channel-deployment 3-channel
dcs dcs-5g-method auto
dcs dfs-aware enable
!
! Auto-healing is switched off ("no auto-healing activate"); the remaining
! lines are its stored thresholds.
no auto-healing activate
auto-healing healing-interval 10
auto-healing power-threshold -70
auto-healing healing-threshold -85
auto-healing margin 2
auto-healing healing-margin 10
!
! Managed APs. Four APs are added by MAC address; each has its own section
! below.
! NOTE(review): whether the controller refuses APs that are not on this list
! is not visible in this export. A MAC address identifies an AP but does not
! authenticate it, so confirm the AP registration setting on the device.
capwap ap fallback disable
capwap ap fallback interval 30
capwap ap add B0:B2:DC:71:B3:28
capwap ap add B0:B2:DC:71:B3:22
capwap ap add B0:B2:DC:71:B3:70
capwap ap add B0:B2:DC:71:AF:B2
!
! This AP runs the monitor profile on slot1 and radio profile "default2" on
! slot2.
capwap ap B0:B2:DC:71:B3:70
slot1 monitor-profile default
slot2 ap-profile default2
description zavxoz
!
! The other three APs run radio profile "default" on slot1. The description
! fields are free-text labels chosen by the site.
capwap ap B0:B2:DC:71:B3:28
description nach prodajnikov
slot1 ap-profile default
!
capwap ap B0:B2:DC:71:B3:22
description malye prodajniki
slot1 ap-profile default
!
capwap ap B0:B2:DC:71:AF:B2
description bolshye prodajniki
slot1 ap-profile default
!
! Per-AP LAN provisioning sections; all four are empty in this export.
lan-provision ap B0:B2:DC:71:B3:70
!
lan-provision ap B0:B2:DC:71:AF:B2
!
lan-provision ap B0:B2:DC:71:B3:22
!
lan-provision ap B0:B2:DC:71:B3:28
!
! Load balancing is activated in traffic mode; kicking stations off an
! overloaded AP is disabled ("no load-balancing kickout").
load-balancing activate
no load-balancing kickout
load-balancing mode traffic
load-balancing max sta 10
load-balancing traffic level medium
load-balancing alpha 5
load-balancing beta 10
load-balancing sigma 60
load-balancing timeout 20
load-balancing liInterval 10
load-balancing kickInterval 20
!
! Static routes: 192.168.10.0/24 and 192.168.3.0/24 are sent out of ge1, the
! external interface.
ip route 192.168.10.0 255.255.255.0 ge1
ip route 192.168.3.0 255.255.255.0 ge1
!
! Zone LAN contains vlan0 only. ge1 is not placed in any zone in this export.
zone LAN
interface vlan0
!
no page-customization
!
! Management services. Plain HTTP is enabled next to HTTPS and SSH, so an
! administrator login over HTTP crosses the LAN unencrypted; disable it with
! the "no" form of the command, or redirect it to HTTPS, and manage the
! device over HTTPS/SSH only.
ip http server
!
! HTTPS, SSH and FTP all name the certificate "default".
! NOTE(review): this is presumably the certificate generated at the factory;
! replace it with one issued for this host so that administrators can verify
! they are talking to the real controller.
ip http secure-server cert default
ip http secure-server
!
hostname NXC2500
!
ip ssh server cert default
ip ssh server
!
console baud 115200
!
! NOTE(review): only the certificate line is present for FTP and there is no
! "ip ftp server" line, so the FTP server appears to be off - confirm.
ip ftp server cert default
!
ntp server 0.pool.ntp.org
ntp
clock time-zone +04
!
! IP/MAC binding is activated on vlan0.
ip ip-mac-binding vlan0 activate
!
! Policy route 1 (the one the walkthrough adds under Configuration > Network >
! Routing): traffic arriving on vlan0 is forwarded to ge1 and source-NATed to
! the outgoing interface address.
! NOTE(review): this export shows no firewall rules, so what is filtered
! between LAN and the external side cannot be told from here.
policy 1
interface vlan0
dscp any
next-hop interface ge1
snat outgoing-interface
!
no alg ftp
no alg ftp transformation
!
app-watch-dog activate
!
! Web authentication: the default rule requires no authentication and writes
! no log, so no captive-portal login is enforced and access is not recorded
! by this rule.
web-auth login setting
type internal
!
web-auth exceptional-service DNS
!
web-auth exceptional-service BOOTP_CLIENT
!
web-auth default-rule authentication unnecessary no log
!
zymesh provision-group EC:43:F6:FD:83:EA
!
wtp-logging system-log suppression
!
! NOTE(review): both mail log profiles select every category at every level,
! but no mail server or recipient is visible in this export - confirm that
! AP logs are actually delivered somewhere they are reviewed.
wtp-logging mail 1 category all level all
wtp-logging mail 2 category all level all
!
