admin posted on 2021-10-12 08:50:00

Integrating the H3C-WX2510H with the OpenPortal network access authentication and billing system for MAC fast authentication + Portal authentication

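Introduction:

      The OpenPortal network access authentication and billing system comprises a Portal protocol authentication system plus a RADIUS AAA authentication, accounting and authorization system. It supports the CMCC V1 and V2 protocol standards, Huawei Portal protocol V1 and V2 and others, and the RADIUS protocol per RFC 2865 and RFC 2866. It supports MAC-first fast authentication and seamless (user-transparent) authentication through the CMCC-standard mac-trigger protocol and standard MAC auth, along with a range of access policy settings such as pushing rate-limit policies, ACLs and ip-pools.

      Supported authentication modes include username/password, SMS, DingTalk authorization, WeChat, WeChat official account, quiz, video-countdown, face recognition, visitor QR-code authorization, combined LDAP/AD domain authentication, extended authentication against third-party OA systems, and more. It also supports techniques such as secondary proxy dial-up authentication, user self-registration, and self-service selection of a billing plan with payment through Alipay or WeChat.

For details, join QQ group 119688084, or contact QQ/WX: 25901875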

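Requirements:

      With a conventional wired + wireless network topology built from assorted brand-name and off-brand devices, rework the network at minimum cost so that it supports a Portal authentication access mode in which MAC fast authentication takes priority.

      Bring in the very appealing H3C-WX2510H controller as the multi-service access gateway; choose the specific model according to your own user count.

      The H3C-WX2510H can serve as the egress gateway for PPPoE dial-up or leased-line connections, and it supports building a VPN over L2TP (for the deployment mode where the authentication and billing service runs in the cloud). The device supports MAC fast seamless authentication through the mac-trigger protocol plus the Portal protocol.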

The topology is as follows:
Device configuration:

dis cur
#
 version 7.1.064, Release 5226
#
 sysname H3C-WX2510H
#
 telnet server enable
#
 dhcp enable
#
 password-recovery enable
#
vlan 1
#
vlan 100
#
vlan 200
#
vlan 300
#
dhcp server ip-pool lan
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114 8.8.8.8
 forbidden-ip 192.168.10.1
 forbidden-ip 192.168.10.10
#
dhcp server ip-pool wlan
 gateway-list 172.16.0.1
 network 172.16.0.0 mask 255.255.255.0
 dns-list 114.114.114.114 8.8.8.8
 forbidden-ip 172.16.0.1
 forbidden-ip 172.16.0.10
#
interface NULL0
#
interface Vlan-interface100
 ip address dhcp-alloc
 nat outbound
 undo dhcp select server
#
interface Vlan-interface200
 ip address 172.16.0.1 255.255.255.0
 dhcp server apply ip-pool wlan
 portal enable method direct
 portal domain portal
 portal bas-ip 192.168.10.1
 portal apply web-server portal
 portal apply mac-trigger-server portal
 portal outbound-filter enable
#
interface Vlan-interface300
 ip address 192.168.10.1 255.255.255.0
 dhcp server apply ip-pool lan
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 200
 poe enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 100
#
 scheduler logfile size 16
#
line class console
 user-role network-admin
#
line class vty
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 31
 authentication-mode scheme
 user-role network-operator
#
 undo info-center logfile enable
#
 radius session-control enable
#
radius scheme portal
 primary authentication 192.168.10.10
 primary accounting 192.168.10.10
 key authentication cipher $c$3$De1ugz33CW5QlT3ePSVbIEjq7HGVMOeFbw==
 key accounting cipher $c$3$XK267tGaoBesgFjlS4j3jPV6gmAjMuW9/w==
 timer realtime-accounting 5
 user-name-format without-domain
 nas-ip 192.168.10.1
#
radius dynamic-author server
 client ip 192.168.10.10 key cipher $c$3$0n+PybswB5i2lFyTMcxl/0QI3DPep1p1Cg==
#
domain portal
 authorization-attribute idle-cut 600 10240
 authentication portal radius-scheme portal
 authorization portal radius-scheme portal
 accounting portal radius-scheme portal
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$nbriu0HPMsFsLmp2$bbsSbj0+ohrhZfas8qeXTSg9iZvVEuPHjQdUN896BzeKhbt4R3W0jejeQO8n+lvQowVbH2jLLS/TzDvHDrdpjA==
 service-type telnet http https
 authorization-attribute user-role network-admin
#
 portal nas-port-id format 4
 portal host-check enable
 portal free-rule 0 source ip 192.168.10.10 255.255.255.255 destination ip any
 portal free-rule 1 source ip any destination ip 192.168.10.10 255.255.255.255
 portal free-rule 2 source ip 172.16.0.1 255.255.255.255 destination ip any
 portal free-rule 3 source ip any destination ip 172.16.0.1 255.255.255.255
 portal free-rule 4 source ip 172.16.0.10 255.255.255.255 destination ip any
 portal free-rule 5 source ip any destination ip 172.16.0.10 255.255.255.255
 portal free-rule 10 source ip 114.114.114.114 255.255.255.255 destination ip any
 portal free-rule 11 source ip any destination ip 114.114.114.114 255.255.255.255
 portal free-rule 12 source ip 8.8.8.8 255.255.255.255 destination ip any
 portal free-rule 13 source ip any destination ip 8.8.8.8 255.255.255.255
#
portal web-server portal
 url http://192.168.10.10
 server-type cmcc
 url-parameter basip value 192.168.10.1
 url-parameter mac source-mac
 url-parameter url original-url
 url-parameter vlan vlan
 url-parameter wlanuserip source-address
#
portal server portal
 ip 192.168.10.10 key cipher $c$3$m3+fMyRYhKD8NHD6x+m4WIP1D4fQ7ZgSRw==
 server-type cmcc
#
 ip http enable
 ip https enable
#
portal mac-trigger-server portal
 ip 192.168.10.10 key cipher $c$3$5QU0xgzExFYbgdjriMIy7148QKSzsOacwQ==
 server-type cmcc
 binding-retry 1
 aaa-fail nobinding enable
#
wlan global-configuration
#
wlan ap-group default-group
 vlan 1
#
return
OpenPortal integration screenshots: [images not included]
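The configuration above enables Telnet and HTTP management, points the portal web-server at an http:// URL, and carries cipher-form RADIUS and portal shared secrets, which the device must be able to recover in plaintext to use them, so keys that appear in a shared dump should be rotated. The following audit sketch is an added example, not part of the original post or of any H3C or OpenPortal tooling; the finding names are hypothetical and the sample excerpt is constructed with placeholder secrets.

```python
import re

# Constructed excerpt in the layout of the dump above; secrets are placeholders.
SAMPLE = """\
#
 telnet server enable
#
radius scheme portal
 key authentication cipher $c$3$PLACEHOLDER
#
local-user admin class manage
 service-type telnet http https
#
portal web-server portal
 url http://192.168.10.10
#
 ip http enable
 ip https enable
#
"""

# (hypothetical finding id, pattern matched against one stripped config line)
RULES = [
    ("telnet-enabled", re.compile(r"^telnet server enable$")),
    ("http-mgmt-enabled", re.compile(r"^ip http enable$")),
    ("cleartext-login-service", re.compile(r"^service-type\b.*\b(telnet|http)\b")),
    ("portal-over-http", re.compile(r"^url http://")),
    ("shared-secret-in-dump", re.compile(r"\bcipher \$c\$\d+\$")),
]

def sections(text):
    """Yield the blocks of a current-configuration dump, split on '#' lines."""
    block = []
    for line in text.splitlines():
        if line.strip() == "#":
            if block:
                yield block
            block = []
        elif line.strip():
            block.append(line.strip())
    if block:
        yield block

def audit(text):
    """Return (finding id, section header) pairs in the order they appear."""
    return [(name, block[0])
            for block in sections(text)
            for line in block
            for name, rx in RULES if rx.search(line)]
```

Run audit() over a saved dump before sharing it or after each change; an empty list means none of these five conditions is present, not that the configuration is otherwise sound.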
