标签:mit mask 域名 网络配置 pcs 不用 h3c gen ima
Portal服务器是基于web进行认证的机制,属于B/S架构。通过和RADIUS进行配合,可以呈现用户连网弹网页,输入用户名密码后即可上网。
当前portal认真的相关版本:
各家厂家的版本各有差异,公有标准的为portal2.0标准。
而portal3.0是为IPv6进行的适配。
这里H3C的portal2.0是CMCC的标准。也是通用标准接口。
H3C AC相关配置:
版本V5,型号:LSQ1WCMD0(板卡式AC)
配置portal认证:
portal server sundray_portal ip 10.0.10.22 url http://10.0.10.22/?url_id=1607641 server-type cmcc #配置URL及协议版本
portal free-rule 3 source ip 10.10.160.0 mask 255.255.224.0 destination ip any #白名单,写入后网段或Ip地址或端口不用进行认证。
portal wlan ssid Expo_Center_Free server sundray_portal domain dsf-portal #SSID号和domain想对应
portal mac-trigger server ip 10.0.10.22
#配置URL代的参数
portal url-param include user-mac
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac param-name apmac
portal url-param include user-url
portal url-param include user-ip
portal其他参数:
portal host-check wlan
portal silent ios optimize
portal safe-redirect enable
portal safe-redirect method get post
portal safe-redirect user-agent Andriod
portal safe-redirect user-agent CaptiveNetworkSupport
配置radius参数:
radius scheme dsf-portal
server-type extended
primary authentication 10.0.10.22
primary accounting 10.0.10.22
key authentication cipher $c$3$6FpFlPjx7jpCsVhgflm6nH8YiOrEnAuT+w== #默认为123456
key accounting cipher $c$3$LRr7EjHcuPutYY0eopNZgytQc9FIUx7+hw== #该为计费系统的秘钥:默认123456
user-name-format without-domain
nas-ip 10.0.2.246
accounting-on enable interval 15
配置域名:
domain dsf-portal
authentication portal radius-scheme dsf-portal
authorization portal radius-scheme dsf-portal
accounting portal radius-scheme dsf-portal
access-limit disable
state active
idle-cut enable 5 10240
self-service-url disable
华为portal认证配置:
Huawei AC6605 版本:V200R006C10SPC100
radius-server template ndkey-wcc-radius
radius-server shared-key cipher %^%##]iND0f2x8p_=EWjzY2.I`(FUy/INB>`7_:+~f+I%^%#
radius-server authentication 10.0.10.22 1812 weight 80
radius-server accounting 10.0.10.22 1813 weight 80
radius-server authorization 10.0.10.22 shared-key cipher %^%#{"E%OMEJ31zjZtU(7U*/C~Q#/n6gX+;nqtMMxI^E%^%#
free-rule-template name default_free_rule
free-rule 0 destination ip 61.128.128.68 mask 255.255.255.255 source ip any
free-rule 2 destination ip any source ip 192.168.250.0 mask 255.255.255.0
url-template name ndkey-wcc-web
url http://10.0.10.22/?url_id=16077300
url-parameter redirect-url redirect-url ssid ssid user-ipaddress user-ipaddress user-mac user-mac
web-auth-server ndkey-wcc-web-ser
server-ip 10.0.10.22
port 50100
shared-key cipher %^%#:q@[M‘^_j)HG2Z!2s8_!==&p,\VR#Esp(UDMt=}Q%^%#
url http://10.0.10.22/?url_id=16077300
url-template ndkey-wcc-web
portal-access-profile name portal1701
web-auth-server ndkey-wcc-web-ser direct
#
portal-access-profile name portal1702
web-auth-server ndkey-wcc-web-ser direct
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme ndkey-wcc-radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme ndkey-wcc-radius
accounting-mode radius
domain default
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius
domain default_admin
domain huawei.com
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius
标签:mit mask 域名 网络配置 pcs 不用 h3c gen ima
原文地址:https://www.cnblogs.com/xinbing/p/14469446.html
