admin 发表于 2017-9-2 09:36:54

华为S5700三层交换机对接OpenPortal实现Portal+MAC快速无感知认证



拓扑描述：
上层为普通路由器，负责网关、DHCP 和宽带拨号；
其下接华为 S5700 三层交换机；
S5700 下再接普通无线路由器，关闭其 DHCP、做桥接模式（通过 LAN 口与 S5700 相连）。


实现：
交换机对接 OpenPortal，实现 Portal 认证 + MAC 快速无感知认证。




dis cur
!Software Version V200R005C00SPC500
#
sysname LeeSon-SW
#
# NOTE(review): logging is switched off here, so Portal / MAC-authen successes
# and failures leave no log buffer or syslog trail to look at during an
# incident; re-enable the info-center unless there is a deliberate reason not to.
undo info-center enable
#
dns resolve
dns server 118.118.118.9
dns server 202.98.192.67
#
vcmp role silent
#
vlan batch 10 100
#
lnp disable
#
# Traditional (non-unified) NAC mode; the per-Vlanif "portal" / "mac-authen"
# commands further down belong to this mode -- presumably what this software
# version expects, confirm before changing.
undo authentication unified-mode
#
# NOTE(review): Telnet carries the level-15 account passwords in clear text.
# The switch's only routed address with services is 192.168.0.250 on VLAN 100,
# the same VLAN the not-yet-authenticated clients sit in (see the portal
# free-rules below); prefer SSH (stelnet) and "protocol inbound ssh" on the VTYs.
telnet server enable
telnet ipv6 server enable
#
# Global MAC authentication; users are authenticated in domain leeson.com
# (defined under "aaa" below).
mac-authen
mac-authen domain leeson.com
#
# Built-in web UI served over plain HTTP; the local users below carry "http"
# in their service-type, so their passwords also travel unencrypted.
http server load s5700si-v200r005c00spc500.web.7z
#
# NOTE(review): management-port / management-plane isolation is disabled, so the
# management interface and the data plane are reachable from each other;
# confirm this is intended rather than a leftover from troubleshooting.
undo management-port isolate enable
undo management-plane isolate enable
#
dhcp enable
#
# RADIUS template used by domain leeson.com: authentication on 1812 and
# accounting on 1813, both on the OpenPortal host 192.168.0.1; the NAS-IP
# attribute is the Vlanif100 address 192.168.0.250. The shared key is stored
# with the reversible "cipher" encoding, so treat it as recoverable from this
# published config and rotate it on both the switch and the RADIUS side.
radius-server template radius
radius-server shared-key cipher %@%@3:T<:/_JKF'gF"J@xmE&]1+i%@%@
radius-server authentication 192.168.0.1 1812 weight 80
radius-server accounting 192.168.0.1 1813 weight 80
radius-server retransmit 2
undo radius-server user-name domain-included
radius-attribute nas-ip 192.168.0.250
#
# Redirect URL handed to unauthenticated clients: plain http:// to the portal
# host, with the client MAC (colon-delimited, parameter "mac"), the original
# URL ("url"), the NAS name ("nasname") and the client IP ("wlanuserip")
# appended as query parameters. The MAC in the redirect is what lets the portal
# tie the session to the MAC for the later "no-perception" MAC login.
url-template name openportal
url http://192.168.0.1
url-parameter user-mac mac redirect-url url sysname nasname user-ipaddress wlanuserip
url-parameter mac-address format delimiter : normal
#
# Portal server definition: two server addresses (192.168.0.5 and 192.168.0.1)
# on port 50100, packets sourced from 192.168.0.250; same reversible-cipher
# caveat as the RADIUS key. The portal page itself is reached over HTTP, so
# the user's Portal credentials are sent unencrypted on the LAN.
web-auth-server openportal
server-ip 192.168.0.5 192.168.0.1
port 50100
shared-key cipher %@%@\r5pOb*+_0<)8#R90%sI~n{o%@%@
url http://192.168.0.1                  
url-template openportal
source-ip 192.168.0.250
#
# AAA: domain leeson.com (the Portal and MAC-authen domain) authenticates and
# accounts through the RADIUS template "radius", with real-time accounting
# every minute. Three local accounts (admin, leeson, lishuo) hold privilege
# level 15 with telnet+http service types. Their passwords are stored as
# irreversible-cipher (hashed), which is the right storage form; the weak spot
# is that both services they may log in with are clear-text protocols.
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
accounting realtime 1
domain default
domain default_admin
domain leeson.com
authentication-scheme radius
accounting-scheme radius
radius-server radius
statistic enable
local-user admin password irreversible-cipher %@%@i5+*Q]e1jOIgu.)+>.E!o7rL!tS)&6q{1=C&;v5uA!Z)7rOo%@%@
local-user admin privilege level 15
local-user admin service-type telnet http
local-user leeson password irreversible-cipher %@%@n2R,AhiG/R1#c>>jL1u/p1BGlJZV~O,$L#yD84&o~8>81BJp%@%@
local-user leeson privilege level 15   
local-user leeson service-type telnet http
local-user lishuo password irreversible-cipher %@%@GY2h3cG!o4_dr(*WnBo%WH1kDBSq/"YW9-p\aa-whY/<H1nW%@%@
local-user lishuo privilege level 15
local-user lishuo service-type telnet http
#
# VLAN 10 (ports GE0/0/23-24): plain routed interface, no Portal or MAC
# authentication applied.
interface Vlanif10
ip address 10.0.0.1 255.255.255.0
#
# VLAN 100 (ports GE0/0/1-22): Portal authentication in direct (Layer 2) mode
# plus MAC authentication on the same interface. The MAC-authen user name is
# the MAC address without hyphens in domain leeson.com, so the RADIUS side
# presumably has to accept that user-name form. DHCP is relayed to
# 192.168.0.254; the portal free-rules for 192.168.0.254 further down are what
# let a client obtain a lease before it has logged in.
interface Vlanif100
ip address 192.168.0.250 255.255.255.0
web-auth-server openportal direct
portal domain leeson.com
mac-authen
mac-authen username macaddress format without-hyphen
mac-authen domain leeson.com
dhcp select relay
dhcp relay server-ip 192.168.0.254
#
# Physical ports: MEth0/0/1 is unused. GE0/0/1-22 are access ports in VLAN 100,
# the authenticated client VLAN (this includes GE0/0/4, which the default route
# below points at); GE0/0/23-24 are access ports in VLAN 10. No port-level
# protections (port-security, DHCP snooping, storm control) are configured on
# any of them, and portal free-rule 10 further down exempts all traffic
# arriving on GE0/0/1 from authentication.
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#                                       
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 100
#                                       
interface GigabitEthernet0/0/8
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 100
#                                       
interface GigabitEthernet0/0/14
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/17
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/18
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/19
port link-type access
port default vlan 100
#                                       
interface GigabitEthernet0/0/20
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/21
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/22
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/23
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 10
#
interface NULL0
#
# NOTE(review): default route with a Layer 2 access port (GE0/0/4, VLAN 100) as
# the outbound interface and no next-hop address. With the upstream router
# described as the gateway, a next-hop reachable via Vlanif100 is what one
# would expect here; confirm the route actually installs as written.
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/4
#                                       
# NOTE(review): SSHv1 compatibility re-enables a protocol version with known
# weaknesses; remove this unless a legacy client truly needs it.
ssh server compatible-ssh1x enable
#
# Portal protocol v2, 30 s offline detection. Free rules (traffic allowed
# before authentication) come in source/destination pairs: the portal/RADIUS
# host 192.168.0.1, the DHCP server 192.168.0.254, the switch's own
# 192.168.0.250, both DNS servers, host 192.168.0.10, plus everything arriving
# on GE0/0/1 (rule 10). Rules 11-27 are absent, presumably deleted earlier.
# NOTE(review): rule 5 admits any source to 192.168.0.250 on every port, so
# clients that have not authenticated yet can already reach the Telnet / HTTP
# management services on the switch; restrict that rule or move management
# off VLAN 100.
web-auth-server version v2
portal timer offline-detect 30
portal free-rule 0 destination any source ip 192.168.0.1 mask 255.255.255.255
portal free-rule 1 destination ip 192.168.0.1 mask 255.255.255.255 source any
portal free-rule 2 destination any source ip 192.168.0.254 mask 255.255.255.255
portal free-rule 3 destination ip 192.168.0.254 mask 255.255.255.255 source any
portal free-rule 4 destination any source ip 192.168.0.250 mask 255.255.255.255
portal free-rule 5 destination ip 192.168.0.250 mask 255.255.255.255 source any
portal free-rule 6 destination any source ip 118.118.118.9 mask 255.255.255.255
portal free-rule 7 destination ip 118.118.118.9 mask 255.255.255.255 source any
portal free-rule 8 destination any source ip 202.98.192.67 mask 255.255.255.255
portal free-rule 9 destination ip 202.98.192.67 mask 255.255.255.255 source any
portal free-rule 10 destination any source interface GigabitEthernet0/0/1
portal free-rule 28 destination any source ip 192.168.0.10 mask 255.255.255.255
portal free-rule 29 destination ip 192.168.0.10 mask 255.255.255.255 source any
#
# Console login uses a reversible "cipher" password. VTY 0-4 accept any
# inbound protocol (Telnet and SSH) with AAA users at level 15; VTY 16-20 are
# Telnet only. Prefer "protocol inbound ssh" on both ranges once stelnet is
# set up, then drop the telnet server.
user-interface con 0
authentication-mode password
set authentication password cipher @%@%!'"/22O3L7H\t(M>:R4Myy=itER,GfG*U!`UKbWqOC6Oy=ly@%@%
user-interface vty 0 4
authentication-mode aaa
user privilege level 15                  
protocol inbound all
user-interface vty 16 20
protocol inbound telnet
#
# Port group covering all 24 GE ports. No commands are applied to the group
# in this dump, so it only serves as a convenience for batch configuration.
port-group alle
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
group-member GigabitEthernet0/0/9
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
group-member GigabitEthernet0/0/13
group-member GigabitEthernet0/0/14
group-member GigabitEthernet0/0/15
group-member GigabitEthernet0/0/16
group-member GigabitEthernet0/0/17
group-member GigabitEthernet0/0/18
group-member GigabitEthernet0/0/19      
group-member GigabitEthernet0/0/20
group-member GigabitEthernet0/0/21
group-member GigabitEthernet0/0/22
group-member GigabitEthernet0/0/23
group-member GigabitEthernet0/0/24
#
return



