  • Wireless Controller Management

    A Cisco wireless controller can be managed in several ways, including Console, SSH, Telnet, HTTP, and HTTPS.

    1. Console

    A direct serial connection to the controller console port. The default username is admin, and the default password is admin.

    You need these items to connect to the serial port:

    • A computer that is running a terminal emulation program such as Putty, SecureCRT, or similar

    • A standard Cisco console serial cable with an RJ45 connector

    Configure terminal emulator program with default settings:

    • 9600 baud (you can change the baud rate on the WLC with the following command)

      • (Cisco Controller) >config serial baudrate

        [1200/2400/4800/9600/19200/38400/57600/115200] Enter serial speed.

    • 8 data bits

    • 1 stop bit

    • No parity

    • No hardware flow control

    To log on to the controller CLI through the serial port, follow these steps:

    The following shows the console ports of the WLC 5508, 5520, 8510, 8540, and the new Catalyst 9800 Wireless Controller:

     

    The system prompt can be any alphanumeric string of up to 31 characters. You can change it by entering the config prompt command.

    For example:

    (Cisco Controller) >config prompt Test-vWLC

    (Test-vWLC) >
    (Test-vWLC) >
    (Test-vWLC) >
    (Test-vWLC) >

    2. HTTP and HTTPS

    To manage the wireless controller over HTTP and HTTPS, you need to enable Web mode and Secure Web mode.

    Choose Management > HTTP-HTTPS. The HTTP-HTTPS Configuration page is displayed.

    To configure this from the CLI:

    (Test-vWLC) >config network webmode enable

    (Test-vWLC) >config network secureweb enable
    You must reboot for the change to take effect.  (Note: enabling secureweb requires a reboot! It is enabled by default.)

    • Enable or disable secure web mode with increased security by entering this command:

    config network secureweb cipher-option high {enable | disable}

    This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

    When high ciphers is enabled, SHA1, SHA256, SHA384 keys continue to be listed and TLS 1.0 is disabled. This is applicable to webauth and webadmin but not for NMSP.

     

    • Enable or disable SSLv2 for web administration by entering this command:

    config network secureweb cipher-option sslv2 {enable | disable}

    If you disable SSLv2, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later. The default value is disabled.

    • Enable 256 bit ciphers for a SSH session by entering this command:

    config network ssh cipher-option high {enable | disable}

     

    • (Optional) Generate a new certificate by entering this command:

    config certificate generate webadmin

    After a few seconds, the controller verifies that the certificate has been generated

     

    Verification commands:

    (Test-vWLC) >show network summary

    RF-Network Name............................. MG
    Web Mode.................................... Enable
    Secure Web Mode............................. Enable
    Secure Web Mode Cipher-Option High.......... Disable
    Secure Web Mode Cipher-Option SSLv2......... Disable
    Secure Web Mode RC4 Cipher Preference....... Disable
    OCSP........................................ Disabled
    OCSP responder URL..........................
    Secure Shell (ssh).......................... Enable
    Telnet...................................... Disable

    .......

    (Test-vWLC) >show certificate summary
    Web Administration Certificate................... 3rd Party
    Web Authentication Certificate................... Locally Generated
    Certificate compatibility mode:.................. off

    3. Telnet and SSH

    Choose Management > Telnet-SSH to open the Telnet-SSH Configuration page.

    CLI configuration:

    (Test-vWLC) >config network telnet enable

    (Test-vWLC) >config network ssh enable

    (Test-vWLC) >config sessions timeout 0 (disables the session timeout)

    (Test-vWLC) >config sessions maxsessions

    [0-5] Enter sessions as integer. (the maximum is 5 sessions)

    (Test-vWLC) >config loginsession

    close Close active telnet session(s).

    (Test-vWLC) >config loginsession close

    [<session ID>/all] Enter session ID.

    Configure SSH access host-key by entering these commands:

    • Generate or regenerate SSH host key by entering this command:

      config network ssh host-key generate

      This command generates a 1024-bit key.

    • Use device certificate private key as SSH host key by entering this command:

      config network ssh host-key use-device-certificate-key

      This command generates a 2048-bit key.

    Verification commands:


    (Test-vWLC) >show network summary

    RF-Network Name............................. MG
    Web Mode.................................... Enable
    Secure Web Mode............................. Enable
    Secure Web Mode Cipher-Option High.......... Disable
    Secure Web Mode Cipher-Option SSLv2......... Disable
    Secure Web Mode RC4 Cipher Preference....... Disable
    OCSP........................................ Disabled
    OCSP responder URL..........................
    Secure Shell (ssh).......................... Enable
    Telnet...................................... Enable
    Ethernet Multicast Forwarding............... Disable
    Ethernet Broadcast Forwarding............... Disable

    View the active sessions and close a specific session:

    (Test-vWLC) >show loginsession

    ID User Name       Login Type Connection From                               Idle Time    Session Time
    -- --------------- ---------- --------------------------------------------- ------------ ------------
    01 lcj             Ssh        10.0.0.1                                      00:00:00     00:48:58

    (Test-vWLC) >config loginsession close 01

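    **** The connection is dropped at this point ****

    4. Configuring Telnet Privileges for Specific Users

    Telnet must be enabled globally. By default, all management users have Telnet privileges enabled. SSH sessions are not affected by this feature.

    CLI configuration: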

    config mgmtuser telnet user-name {enable | disable}

    5. Configuring Management over Wireless

    The management over wireless feature allows you to monitor and configure local controllers using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller.

    Restrictions:

    • Management over Wireless can be disabled only if clients are on central switching. (Disabled by default.)

    • Management over Wireless is not supported for FlexConnect local switching clients. However, Management over Wireless works for non-web authentication clients if you have a route to the controller from the FlexConnect site.

    Configuration:

    Choose Management > Mgmt Via Wireless to open the Management Via Wireless page.

    CLI configuration:

    (Test-vWLC) >config network mgmt-via-wireless enable

    Check the status:

    (Test-vWLC) >show network summary

    RF-Network Name............................. MG
    Web Mode.................................... Enable
    Secure Web Mode............................. Enable
    Secure Web Mode Cipher-Option High.......... Disable
    Secure Web Mode Cipher-Option SSLv2......... Disable
    Secure Web Mode RC4 Cipher Preference....... Disable

    .....

    AP Join Priority............................ Disable
    Mgmt Via Wireless Interface................. Enable
    Mgmt Via Dynamic Interface.................. Disable
    Bridge MAC filter Config.................... Enable

    .....
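
An added example (not from the original article or from Cisco): a small Python audit that parses `show network summary` output in the format shown above and flags management-plane settings that deviate from a baseline. The baseline and the sample text are assumptions constructed for this example.

```python
import re

# Constructed sample in the format of the `show network summary` output above.
SAMPLE = """\
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
.....
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
"""

# Assumed baseline for this example (not a Cisco-published policy): name -> (expected, reason)
BASELINE = {
    "Web Mode": ("disable", "HTTP management is unencrypted"),
    "Secure Web Mode Cipher-Option High": ("enable", "high mode disables TLS 1.0"),
    "Secure Web Mode Cipher-Option SSLv2": ("disable", "SSLv2 is obsolete"),
    "Telnet": ("disable", "Telnet is unencrypted"),
    "Mgmt Via Wireless Interface": ("disable", "wireless clients reach management"),
    "Mgmt Via Dynamic Interface": ("disable", "every dynamic interface accepts management"),
}

# "Key....... Value": a key, a run of two or more dots, then an optional value.
LINE = re.compile(r"^\s*(?P<key>.+?)\.{2,}\s*(?P<val>\S.*)?$")

def parse_summary(text):
    """Return {setting: value}; skips prompts, '.....' elisions and empty values."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group("val"):
            out[m.group("key").strip()] = m.group("val").strip()
    return out

def audit(text, baseline=BASELINE):
    """Return (setting, observed, reason) for each deviation or missing setting."""
    settings, findings = parse_summary(text), []
    for key, (want, reason) in baseline.items():
        got = settings.get(key, "missing")  # a truncated capture must not pass silently
        if not got.lower().startswith(want):
            findings.append((key, got, reason))
    return findings

if __name__ == "__main__":
    for key, got, reason in audit(SAMPLE):
        print(f"[!] {key}: {got} ({reason})")
```

Settings absent from a pasted capture are reported as `missing`, so an output cut off at a `.....` elision is never read as compliant.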

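    Enabling WLC management through dynamic interfaces:

    Management through dynamic interfaces is disabled by default; if needed, it can be enabled for most or all management functions. Once enabled, all dynamic interfaces are available for administrator access to the controller. You can use access control lists (ACLs) to restrict this access as needed.

    This can probably only be done from the CLI: config network mgmt-via-dynamic-interface {enable | disable}

    Note: when managing the WLC remotely (for example over the web or SSH), check whether the web or SSH management method is enabled, and enable it if it is not. Also note that if applications such as VMware virtual machines are installed on the local computer, the VMware network adapter should not be in the same subnet as the WLC management interface.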

  • Original article: https://www.cnblogs.com/MomentsLee/p/11544046.html