admin 发表于 2015-11-30 11:16:02

华为S5700 对接OpenPortal Portal协议WEB认证WIFI认证系统 Radius方式配置

华为S5700 对接OpenPortal Portal协议WEB认证WIFI认证系统 Radius方式配置


<ZDHZ-3LAYS>dis cur
#
!Software Version V200R001C00SPC300
sysname ZDHZ-3LAYS
#
vlan batch 100 200
#
web-auth-server version v2
portal free-rule 0 source ip 27.103.192.100 mask 255.255.255.255
portal free-rule 1 destination ip 27.103.192.100 mask 255.255.255.255
portal free-rule 2 destination ip 27.103.192.1 mask 255.255.255.255
portal free-rule 3 destination ip 27.103.32.1 mask 255.255.255.255
portal free-rule 4 destination ip 27.103.20.1 mask 255.255.255.255
portal free-rule 5 destination ip 27.103.192.6 mask 255.255.255.255
portal free-rule 6 source ip 27.103.192.6 mask 255.255.255.255
portal free-rule 7 source ip 27.103.192.1 mask 255.255.255.255
portal free-rule 8 source ip 27.103.20.1 mask 255.255.255.255
portal free-rule 9 source ip 27.103.32.1 mask 255.255.255.255
#
http server load s5700si-v200r001c00.001.web.zip
#
undo nap slave enable
#
dhcp enable
#
radius-server template radius            
radius-server shared-key simple LeeSon
radius-server authentication 27.103.192.6 1812
radius-server accounting 27.103.192.6 1813
radius-server retransmit 2
#
acl name JZW-BGW 3999
rule 1000 permit ip source 27.103.192.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 1001 permit ip source 192.168.1.0 0.0.0.255 destination 27.103.192.0 0.0.0.255
rule 1002 deny ip
#
web-auth-server openportal
server-ip 27.103.192.6
port 50100
shared-key cipher %$%$o%Dc%Q_i@QFB3l"6E@U(:YPG%$%$
url http://27.103.192.6
source-ip 27.103.192.100
#
vlan 200
description bgw
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius            
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
domain default
domain default_admin
domain leeson.com
authentication-scheme radius
accounting-scheme radius
radius-serverradius
local-user admin password cipher %$%$O9hP7mbf4Q#E\vU4j#wX3ypg%$%$
local-user admin service-type http
local-user leeson password cipher %$%$f(>dEQ;]KHB]^6Ycod8&ywne%$%$
local-user leeson privilege level 15
#
interface Vlanif100
ip address 27.103.192.100 255.255.255.0
web-auth-server openportal layer3
#
interface Vlanif200
ip address 192.168.1.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.1.32
dhcp server excluded-ip-address 192.168.1.100 192.168.1.102
dhcp server excluded-ip-address 192.168.1.200
dhcp server excluded-ip-address 192.168.1.245 192.168.1.253
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
traffic-filter inbound acl name JZW-BGW
traffic-filter outbound acl name JZW-BGW
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/5            
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/11         
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/17         
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/18
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/19
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/20
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/21
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/22
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/23         
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 200
#
interface NULL0
#
ip route-static 27.103.20.0 255.255.255.0 27.103.192.1
ip route-static 27.103.32.0 255.255.255.0 27.103.192.1
ip route-static 27.103.192.0 255.255.255.0 Vlanif100
ip route-static 192.168.1.0 255.255.255.0 Vlanif200
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$bm3NDz%<NBQZ!^P.Awa2,!ulykCGCf0A+7D]X9=HL}YH#'{v%$%$
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
port-group bgw
group-member GigabitEthernet0/0/9      
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
group-member GigabitEthernet0/0/13
group-member GigabitEthernet0/0/14
group-member GigabitEthernet0/0/15
group-member GigabitEthernet0/0/16
group-member GigabitEthernet0/0/17
group-member GigabitEthernet0/0/18
group-member GigabitEthernet0/0/19
group-member GigabitEthernet0/0/20
group-member GigabitEthernet0/0/21
group-member GigabitEthernet0/0/22
group-member GigabitEthernet0/0/23
group-member GigabitEthernet0/0/24
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
#                                       
return
<ZDHZ-3LAYS>

页: [1]
查看完整版本: 华为S5700 对接OpenPortal Portal协议WEB认证WIFI认证系统 Radius方式配置