吳承軒的部落格

原由:因購買了一批 Ruckus 2825 的無線AP ,為了安全考量要採用 MAC 的檢查機制,但發現該產品提供的網頁雖然可以進行設定,但輸入的方便性不佳,故試以 ssh 方式登入 Ruckus 2825 以進行管理,也發現它提供了一個較好的管理功能,但一直無法成功,會出現 Invalid wlan interface name,實在不知道參數 <network name|ifname> 是什麼東西,在 google 找了好久終於給我找到,故將實際的操作過程記錄如下:

1.以 http 方式開啟 Access Control Data WLAN 設定為  Allow only stations listed in the Access Control Table .

2.以 ssh 方式登入並須使用 spuer 帳號才能登入.

3.查詢該 shell 提供什麼功能
rkscli: help
Help for each command group can be shown with:
help radiogroup
help systemgroup
help qosgroup
help shaper
help miscgroup
help helpgroup
help debuggroup
help aclgroup

'help <cmd>' will show help for a command or partial command
'help <foo>' will search help text as a last resort.
OK

4.針對 aclgroup 確認有何功能

rkscli: help aclgroup
===================
ACL Commands Group:
===================
acl        :    get acl <network name|ifname> mac
                 -- Displays ACL processing on the specified interface

acl        :    set acl <network name|ifname> mac [disable|allow|deny]
                 -- Enables ACL processing on the specified interface
        set acl <network name|ifname> mac [add|delete] <xx:xx:xx:xx:xx:xx>
                 -- Specifies Layer 2 MAC for ACL processing on the specified interface

OK

5.取得目前的 mac list

wlan0 (Video WLAN) is the first SSID  ,wlan1 (Data WLAN) is the Second SSID

rkscli: get acl wlan1 mac
Allow All MAC ACL processing is Enabled for wlan1 interface
MAC ACL list
  1: XX:XX:XX:XX:XX:XX

OK

6.追加新的 mac

rkscli: set acl wlan1 mac add  XX:XX:XX:XX:XX:XX

MAC XX:XX:XX:XX:XX:XX is set on interface wlan1
OK

6.再次確認 MAC List
rkscli: get acl wlan1 mac
Allow All MAC ACL processing is Enabled for wlan1 interface
MAC ACL list
  1: XX:XX:XX:XX:XX:XX

  2: XX:XX:XX:XX:XX:XX

OK
rkscli:

7.完工