New Contributor

Unable to telnet to the AC, please help, thanks

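Topology: AC----switch---AP----PC

The PC can obtain an address (I tried both vlan10 and vlan20 via DHCP) and can ping the AC's address, but it cannot telnet. I configured the simplest password authentication and don't know how to solve this.

The switch holds the gateway for vlan10, with IP 192.168.10.254, and it can telnet to the AC.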

(Aruba-Test-AC) #
(Aruba-Test-AC) #show run
Building Configuration...

version 6.1
enable secret "******"
telnet cli
telnet soe
hostname "Aruba-Test-AC"
clock timezone UTC 8
location "Building1.floor1"
controller config 14
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-snmp-trap udp 162
netservice svc-netbios-dgm udp 138
netservice svc-pcoip2-tcp tcp 4172
netservice svc-https tcp 443
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-smb-tcp tcp 445
netservice svc-ike udp 500
netservice svc-l2tp udp 1701
netservice svc-syslog udp 514
netservice svc-citrix tcp 2598
netservice svc-pptp tcp 1723
netservice svc-ica tcp 1494
netservice svc-telnet tcp 23
netservice svc-sccp tcp 2000 alg sccp
netservice svc-sec-papi udp 8209
netservice svc-tftp udp 69 alg tftp
netservice svc-kerberos udp 88
netservice svc-sip-tcp tcp 5060
netservice svc-netbios-ssn tcp 139
netservice svc-lpd tcp 515
netservice svc-pop3 tcp 110
netservice svc-adp udp 8200
netservice svc-cfgm-tcp tcp 8211
netservice svc-noe udp 32512 alg noe
netservice svc-http-proxy3 tcp 8888
netservice svc-pcoip-tcp tcp 50002
netservice svc-pcoip-udp udp 50002
netservice svc-dns udp 53 alg dns
netservice svc-msrpc-tcp tcp 135 139
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-http tcp 80
netservice svc-vocera udp 5002 alg vocera
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-nterm tcp 1026 1028
netservice svc-sip-udp udp 5060
netservice svc-http-proxy2 tcp 8080
netservice svc-papi udp 8211
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-ftp tcp 21 alg ftp
netservice svc-natt udp 4500
netservice svc-svp 119 alg svp
netservice svc-microsoft-ds tcp 445
netservice svc-gre 47
netservice svc-smtp tcp 25
netservice svc-smb-udp udp 445
netservice svc-sips tcp 5061 alg sips
netservice svc-netbios-ns udp 137
netservice svc-esp 50
netservice svc-ipp-tcp tcp 631
netservice svc-bootp udp 67 69
netservice svc-snmp udp 161
netservice svc-v6-dhcp udp 546 547
netservice svc-pcoip2-udp udp 4172
netservice svc-icmp 1
netservice svc-ntp udp 123
netservice svc-msrpc-udp udp 135 139
netservice svc-ssh tcp 22
netservice svc-ipp-udp udp 631
netservice svc-http-proxy1 tcp 3128
netservice svc-v6-icmp 58
netservice svc-vmware-rdp tcp 3389
netexthdr default
!
ip access-list session allow-diskservices
any any svc-netbios-dgm permit
any any svc-netbios-ssn permit
any any svc-microsoft-ds permit
any any svc-netbios-ns permit
!
ip access-list session control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-papi permit
any any svc-sec-papi permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session v6-icmp-acl
ipv6 any any svc-v6-icmp permit
!
ip access-list session validuser
network 169.254.0.0 255.255.0.0 any any deny
any any any permit
ipv6 any any any permit
!
ip access-list session vocera-acl
any any svc-vocera permit queue high
!
ip access-list session v6-https-acl
ipv6 any any svc-https permit
!
ip access-list session vmware-acl
!
ip access-list session icmp-acl
any any svc-icmp permit
!
ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session v6-dhcp-acl
ipv6 any any svc-v6-dhcp permit
!
ip access-list session allowall
any any any permit
ipv6 any any any permit
!
ip access-list session v6-dns-acl
ipv6 any any svc-dns permit
!
ip access-list session sip-acl
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session https-acl
any any svc-https permit
!
ip access-list session dns-acl
any any svc-dns permit
!
ip access-list session ra-guard
ipv6 user any icmpv6 rtr-adv deny
!
ip access-list session citrix-acl
!
ip access-list session allow-printservices
any any svc-lpd permit
any any svc-ipp-tcp permit
any any svc-ipp-udp permit
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session v6-allowall
ipv6 any any any permit
!
ip access-list session cplogout
user alias controller svc-https dst-nat 8081
!
ip access-list session captiveportal6
ipv6 user alias controller6 svc-https captive
ipv6 user any svc-http captive
ipv6 user any svc-https captive
ipv6 user any svc-http-proxy1 captive
ipv6 user any svc-http-proxy2 captive
ipv6 user any svc-http-proxy3 captive
!
ip access-list session dhcp-acl
any any svc-dhcp permit
!
ip access-list session http-acl
any any svc-http permit
!
ip access-list session v6-http-acl
ipv6 any any svc-http permit
!
ip access-list session ap-uplink-acl
any any udp 68 permit
any any svc-icmp permit
any host 224.0.0.251 udp 5353 permit
!
ip access-list session ap-acl
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user alias controller svc-ftp permit
!
ip access-list session svp-acl
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
ip access-list session v6-logon-control
ipv6 user any udp 68 deny
ipv6 any any svc-v6-icmp permit
ipv6 any any svc-v6-dhcp permit
ipv6 any any svc-dns permit
!
vpn-dialer default-dialer
ike authentication PRE-SHARE ******
!
user-role ap-role
access-list session control
access-list session ap-acl
!
user-role denyall
!
user-role cpbase
!
user-role default-vpn-role
access-list session allowall
access-list session v6-allowall
!
user-role voice
access-list session sip-acl
access-list session noe-acl
access-list session svp-acl
access-list session vocera-acl
access-list session skinny-acl
access-list session h323-acl
access-list session dhcp-acl
access-list session tftp-acl
access-list session dns-acl
access-list session icmp-acl
!
user-role default-via-role
access-list session allowall
!
user-role guest-logon
captive-portal "default"
access-list session logon-control
access-list session captiveportal
access-list session v6-logon-control
access-list session captiveportal6
!
user-role guest
access-list session http-acl
access-list session https-acl
access-list session dhcp-acl
access-list session icmp-acl
access-list session dns-acl
access-list session v6-http-acl
access-list session v6-https-acl
access-list session v6-dhcp-acl
access-list session v6-icmp-acl
access-list session v6-dns-acl
!
user-role stateful-dot1x
!
user-role authenticated
access-list session allowall
access-list session v6-allowall
!
user-role logon
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6
!
!

controller-ip vlan 10
interface mgmt
shutdown
!

dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!

dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!

dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!

dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!

 

vlan 10
vlan 20


interface fastethernet 1/0
description "FE1/0"
trusted
trusted vlan 1-4094
switchport mode trunk
!

interface fastethernet 1/1
description "FE1/1"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/2
description "FE1/2"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/3
description "FE1/3"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/4
description "FE1/4"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/5
description "FE1/5"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/6
description "FE1/6"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/7
description "FE1/7"
trusted
trusted vlan 1-4094
!

interface gigabitethernet 1/8
description "GE1/8"
trusted
trusted vlan 1-4094
!

interface vlan 10
ip address 192.168.10.100 255.255.255.0
operstate up
!

interface vlan 20
ip address 192.168.20.100 255.255.255.0
operstate up
!

no uplink wired vlan 1
uplink disable

ap mesh-recovery-profile cluster RecoveryF4mgjarU/RZTM0aa wpa-hexkey 9f0c441eb747dc43b1062133730fe1dc47f9dec969b3f3f8175e2cf7648660d5103e3af97d92fa95307282e1c111386d8ff6358ddb04343280cc05f46e5328cd689ec12e63b41fe68f17ebd5efa6e54f
crypto isakmp policy 20
encryption aes256
!

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
crypto dynamic-map default-dynamicmap 10000
set transform-set "default-transform" "default-aes"
!

crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2

vpdn group l2tp
!

ip dhcp pool hguotest
default-router 192.168.20.100
network 192.168.20.0 255.255.255.0
authoritative
!
ip dhcp pool hguotest1
default-router 192.168.10.254
network 192.168.10.0 255.255.255.0
authoritative
!
service dhcp

!

vpdn group pptp
!

tunneled-node-address 0.0.0.0

adp discovery enable
adp igmp-join enable
adp igmp-vlan 0

voice rtcp-inactivity disable
voice sip-midcall-req-timeout disable
ap ap-blacklist-time 3600


ssh mgmt-auth username/password
mgmt-user admin root cdc8b9bf0131ee759e128ee8e06d7e22129e1db8c98a72989e

 


no database synchronize
database synchronize rf-plan-data

ip mobile domain default
!

ip igmp
!

ipv6 mld
!

no firewall attack-rate cp 1024
ipv6 firewall ext-hdr-parse-len 100

!
firewall cp

!
firewall cp
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country CN
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "nt-test"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa profile "default"
!
aaa profile "hguotest-psk-aaa-profile"
authentication-dot1x "nt-test"
!
aaa authentication captive-portal "default"
!
aaa authentication wispr "default"
!
aaa authentication vpn "default"
!
aaa authentication vpn "default-rap"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
!
papi-security
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
control-plane-security
no cpsec-enable
!
ids management-profile
!
ids wms-general-profile
poll-retries 3
!
ids wms-local-system-profile
!
ids ap-rule-matching
!
valid-network-oui-profile
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
country-code CN
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
!
ap mesh-radio-profile "default"
!
ids general-profile "default"
!
ids rate-thresholds-profile "default"
!
ids signature-profile "default"
!
ids impersonation-profile "default"
!
ids unauthorized-device-profile "default"
!
ids signature-matching-profile "default"
signature "Deauth-Broadcast"
signature "Disassoc-Broadcast"
!
ids dos-profile "default"
!
ids profile "default"
!
rf arm-profile "arm-maintain"
assignment maintain
no scanning
!
rf arm-profile "arm-scan"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11a-radio-profile "rp-maintain-a"
arm-profile "arm-maintain"
!
rf dot11a-radio-profile "rp-monitor-a"
mode am-mode
!
rf dot11a-radio-profile "rp-scan-a"
arm-profile "arm-scan"
!
rf dot11g-radio-profile "default"
!
rf dot11g-radio-profile "rp-maintain-g"
arm-profile "arm-maintain"
!
rf dot11g-radio-profile "rp-monitor-g"
mode am-mode
!
rf dot11g-radio-profile "rp-scan-g"
arm-profile "arm-scan"
!
wlan dot11k-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "hguotest-ssid-profile"
essid "hguotest"
opmode wpa2-psk-aes
wpa-passphrase acad09741205c75e099a8fc6a4d0271336450579a3dcfb23
!
wlan virtual-ap "default"
!
wlan virtual-ap "hguotest-virtual-ap"
aaa-profile "hguotest-psk-aaa-profile"
ssid-profile "hguotest-ssid-profile"
vlan 10
!
ap provisioning-profile "default"
!
ap spectrum local-override
!
ap-group "default"
virtual-ap "hguotest-virtual-ap"
!
logging level warnings security subcat ids
logging level warnings security subcat ids-ap

snmp-server enable trap

process monitor log

network-printer max-jobs 500
network-printer max-clients-per-host 10
network-printer max-clients 10
end

(Aruba-Test-AC) #

Contributor I

Re: Unable to telnet to the AC, please help, thanks

What error is reported when you telnet?

New Contributor

Re: Unable to telnet to the AC, please help, thanks

By default the AC does not have telnet enabled. Please use telnet cli to enable telnet on the AC.

Aruba Employee

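Re: Unable to telnet to the AC, please help, thanks

Based on your topology and configuration, you have already configured telnet cli.

It is probably a configuration problem with the port of the AP that the PC is connected to. Please modify the configuration of ap wired-ap-profile "default", for example by setting the attribute to trusted.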

New Contributor

Re: Unable to telnet to the AC, please help, thanks

Check two places: 1. whether TELNET CLI has been enabled; 2. whether you have set a gateway on the AC.
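
The three checks suggested in the replies above, run against a saved "show run" dump. This is an added example, not part of the original thread and not Aruba tooling; SAMPLE_CONFIG is a constructed excerpt of the posted configuration in the flattened form the page shows, and "ip default-gateway" as the keyword for a gateway on the AC is an assumption, since no such line appears in the thread.

```python
import re

# Constructed excerpt: lines taken from the "show run" output posted in the
# thread, unindented as on the page (stanzas end at a lone "!").
SAMPLE_CONFIG = '''\
telnet cli
hostname "Aruba-Test-AC"
controller-ip vlan 10
interface vlan 10
ip address 192.168.10.100 255.255.255.0
operstate up
!
ap wired-ap-profile "default"
!
'''


def stanza(lines, header):
    """Return the lines between `header` and its closing '!' (None if absent)."""
    if header not in lines:
        return None
    body = []
    for line in lines[lines.index(header) + 1:]:
        if line == "!":
            break
        body.append(line)
    return body


def check_mgmt_access(config_text):
    """Evaluate the three things the replies ask the poster to verify."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    wired = stanza(lines, 'ap wired-ap-profile "default"')
    return {
        # Reply 2 and reply 4: is the telnet CLI switched on at all?
        "telnet_cli_enabled": "telnet cli" in lines,
        # Reply 3: is the AP wired port profile marked trusted?
        # Exact match, so a "no trusted" line does not count.
        "wired_ap_profile_trusted": wired is not None and "trusted" in wired,
        # Reply 4: is a gateway set on the AC? (keyword is an assumption)
        "default_gateway_set": any(
            re.match(r"ip default-gateway \S+", l) for l in lines
        ),
    }


if __name__ == "__main__":
    for name, ok in check_mgmt_access(SAMPLE_CONFIG).items():
        print(f"{name}: {'ok' if ok else 'CHECK'}")
```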
