原由:因購買了一批 Ruckus 2825 的無線AP ,為了安全考量要採用 MAC 的檢查機制,但發現該產品提供的網頁雖然可以進行設定,但輸入的方便性不佳,故試以 ssh 方式登入 Ruckus 2825 以進行管理,也發現它提供了一個較好的管理功能,但一直無法成功,會出現 Invalid wlan interface name,實在不知道參數 <network name|ifname> 是什麼東西,在 google 找了好久終於給我找到,故將實際的操作過程記錄如下:
1.以 http 方式開啟 Access Control Data WLAN 設定為 Allow only stations listed in the Access Control Table .
2.以 ssh 方式登入並須使用 spuer 帳號才能登入.
3.查詢該 shell 提供什麼功能
rkscli: help
Help for each command group can be shown with:
help radiogroup
help systemgroup
help qosgroup
help shaper
help miscgroup
help helpgroup
help debuggroup
help aclgroup
'help <cmd>' will show help for a command or partial command
'help <foo>' will search help text as a last resort.
OK
4.針對 aclgroup 確認有何功能
rkscli: help aclgroup
===================
ACL Commands Group:
===================
acl : get acl <network name|ifname> mac
-- Displays ACL processing on the specified interface
acl : set acl <network name|ifname> mac [disable|allow|deny]
-- Enables ACL processing on the specified interface
set acl <network name|ifname> mac [add|delete] <xx:xx:xx:xx:xx:xx>
-- Specifies Layer 2 MAC for ACL processing on the specified interface
OK
5.取得目前的 mac list
wlan0 (Video WLAN) is the first SSID ,wlan1 (Data WLAN) is the Second SSID
OK
rkscli: get acl wlan1 mac
Allow All MAC ACL processing is Enabled for wlan1 interface
MAC ACL list
1: XX:XX:XX:XX:XX:XX
6.追加新的 mac
rkscli: set acl wlan1 mac add XX:XX:XX:XX:XX:XX
MAC XX:XX:XX:XX:XX:XX is set on interface wlan1
OK
6.再次確認 MAC List
rkscli: get acl wlan1 mac
Allow All MAC ACL processing is Enabled for wlan1 interface
MAC ACL list
1: XX:XX:XX:XX:XX:XX
2: XX:XX:XX:XX:XX:XX
OK
rkscli:
7.完工
留言列表
