开启辅助访问 设为首页     收藏本站     HTTPS安全访问
 找回密码
 立即注册

H3C WX6108E-AC Portal mac-trigger MAC快速认证对接OpenPortal配置

admin 回复:0 | 查看:11691 | 发表于 2019-2-26 12:18:52 |只看大图 |阅读模式 |复制链接
H3C WX6108E-AC Portal mac-trigger MAC快速认证对接OpenPortal配置




[NC-2F-H3C-WX6108E-AC1]                       dis cur
#
version 5.20, Release 2509P55
#
sysname NC-2F-H3C-WX6108E-AC1
#
ftp server enable
#
domain default enable system
#
telnet server enable
#
user-isolation vlan 1400 enable
user-isolation vlan 1400 permit-mac 0c12-62b4-f730
#
port-security enable
#
portal server H3C ip 218.89.52.245 key cipher $c$3$IwbWm332lNUsJoN951Nm/YmNwJD/H8C6lg== url http://218.89.52.245 server-type imc
portal free-rule 0 source interface Ten-GigabitEthernet1/0/1 destination any
portal free-rule 1 source ip any destination ip 218.89.52.245 mask 255.255.255.255
portal free-rule 2 source ip any destination ip 61.139.2.69 mask 255.255.255.255
portal url-param include user-mac param-name wlanstamac
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac param-name wlanapmac
portal url-param include ac-name param-name wlanacname
portal url-param include user-vlan param-name vlan
portal host-check wlan
#
wlan auto-ap enable
wlan auto-persistent enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 299
#
vlan 300
description ap1üàívlan
#
vlan 301 to 999
#
vlan 1000
description NC-NOC-òμ??vlan
#
vlan 1001
#
vlan 1002      
description ??DD
#
vlan 1003
description óê?t??
#
vlan 1004
description ?aè??¤VLAN
#
vlan 1005
description μ?á|??
#
vlan 1006
description 1¤DD
#
vlan 1007 to 1099
#
vlan 1100
description ChinaNet
#
vlan 1101 to 1429
#
vlan 1430
description óê?tvlan
#
vlan 1431 to 2000
#
vlan 2002 to 4000
#
vlan 4001
description AP×¢2áVLAN
#
vlan 4002 to 4094
#
radius scheme rs1
primary authentication 218.89.52.245
primary accounting 218.89.52.245
key authentication cipher $c$3$ctOfhmNqVIbjoMRqBkg/M5sL9qCaaClB+w==
key accounting cipher $c$3$Sy3dIx+71rSxoEVKTy32pWsDILUz4yAdcg==
user-name-format without-domain
nas-ip 218.6.130.58
#
domain dm1
authentication portal radius-scheme rs1
authorization portal radius-scheme rs1
accounting portal radius-scheme rs1
access-limit disable
state active
idle-cut enable 5 10240
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool nc-noc
network 192.168.99.0 mask 255.255.255.0
gateway-list 192.168.99.1
expired day 3
#
dhcp server ip-pool test
network 22.22.22.0 mask 255.255.255.0
gateway-list 22.22.22.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$1d/oO2zlkBCp7E8vnwY0TUj3Ln2qBGMiyaikpSzgZQ==
authorization-attribute level 3
service-type telnet
service-type ftp
service-type web
local-user h3c
password cipher $c$3$xQuBOZiEsDp4aUwq3rKfSn1u2mCOcg==
authorization-attribute level 3
service-type telnet
service-type ftp
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 11
dot11g supported-rate 9 12 18 24 36 48 54
dot11g disabled-rate 1 2 5.5 6
load-balance session 10 gap 1
#
wlan service-template 1 clear
ssid ChinaNet
bind WLAN-ESS 1
service-template enable
#
wlan service-template 10 clear
ssid ChinaNet-EDU
bind WLAN-ESS 10
service-template enable
#
wlan service-template 100 clear
ssid NC-NOC
bind WLAN-ESS 100
service-template enable
#
wlan service-template 101 crypto
ssid WWW
bind WLAN-ESS 101
cipher-suite ccmp
security-ie rsn
service-template enable
#
wlan service-template 102 crypto
ssid TheCover825
bind WLAN-ESS 102
cipher-suite ccmp
security-ie rsn
service-template enable
#
wlan service-template 11 clear
ssid NB-ZYY
bind WLAN-ESS 11
service-template enable
#
wlan service-template 12 clear
ssid teshujiaoyuxuexiao
bind WLAN-ESS 12
service-template enable
#
wlan service-template 13 clear
ssid BC
bind WLAN-ESS 13
service-template enable
#
wlan service-template 14 clear
ssid NC-NOC
bind WLAN-ESS 14
client max-count 10
service-template enable
#
wlan service-template 1430 clear
ssid YZWD
bind WLAN-ESS 1431
service-template enable
#
wlan service-template 1500 clear
ssid YZWD
bind WLAN-ESS 1430
service-template enable
#
wlan service-template 2 clear
ssid ABC-SC-WIFI
bind WLAN-ESS 2
service-template enable
#
wlan service-template 3 clear
ssid NCYZ-RMZL
bind WLAN-ESS 3
service-template enable
#
wlan service-template 4 clear
ssid NCZQ      
bind WLAN-ESS 4
service-template enable
#
wlan service-template 5 clear
ssid NCYZ
bind WLAN-ESS 5
service-template enable
#
wlan service-template 6 clear
ssid 95598
bind WLAN-ESS 6
service-template enable
#
wlan service-template 7 clear
ssid ICBC
bind WLAN-ESS 7
service-template enable
#
wlan service-template 8 clear
ssid diwanggong
bind WLAN-ESS 8
service-template enable
#               
wlan service-template 89 clear
ssid CS
bind WLAN-ESS 89
service-template enable
#
wlan service-template 9 clear
ssid fangguanju
bind WLAN-ESS 9
service-template enable
#
wlan service-template 90 clear
ssid ChinaNet-JYSD
bind WLAN-ESS 90
client-rate-limit direction inbound mode static cir 4000
client-rate-limit direction outbound mode static cir 4000
service-template enable
#
wlan service-template 91 clear
ssid aWIFI
bind WLAN-ESS 91
service-template enable
#
wlan service-template 92 clear
ssid TEST
bind WLAN-ESS 92
service-template enable
#
wlan service-template 93 clear
ssid TheCover
bind WLAN-ESS 93
service-template enable
#
wlan service-template 94 clear
ssid huaxi
bind WLAN-ESS 94
service-template enable
#
wlan service-template 95 clear
ssid ChinaNet
bind WLAN-ESS 95
service-template enable
#
wlan service-template 96 clear
ssid TEST
bind WLAN-ESS 96
service-template enable
#
wlan service-template 97 clear
ssid test
bind WLAN-ESS 97
service-template enable
#
wlan service-template 98 clear
ssid xiangjia
bind WLAN-ESS 98
service-template enable
#
wlan service-template 99 clear
ssid ?T??í???2?
bind WLAN-ESS 99
service-template enable
#
wlan ap-group default_group
ap ap1
ap ap2
ap ap3
ap ap4
ap ap5
ap ap6         
ap ap10
ap ap100
ap ap1_0001
ap ap1_0002
ap ap1_0003
ap ap1_0004
ap ap1_0005
ap ap1_0006
ap ap1_0007
ap ap1_0008
ap ap1_0009
ap ap1_0010
ap ap1_0011
ap ap1_0012
ap ap1_0013
ap ap1_0014
ap ap1_0015
ap jysd-3f-v1
ap jysd-3f-v2
ap jysd-3f-v3
ap jysd-3f-v4
ap jysd-3f-v5
ap jysd-3f-v6  
ap jysd-3f-v7
ap jysd-3f-v8
ap jysd-3f-v9
ap jysd-4f-a2
ap jysd-4f-a3
ap jysd-4f-a5
ap jysd-4f-a6
ap jysd-4f-a8
ap jysd-2f-gym
ap jysd-6f-601
ap jysd-6f-603
ap jysd-6f-605
ap jysd-6f-606
ap jysd-6f-607
ap jysd-6f-608
ap jysd-6f-609
ap jysd-6f-610
ap jysd-6f-612
ap jysd-7f-701
ap jysd-7f-702
ap jysd-7f-703
ap jysd-7f-705
ap jysd-7f-706
ap jysd-7f-707
ap jysd-7f-709
ap jysd-7f-710
ap jysd-7f-711
ap jysd-7f-712
ap jysd-7f-715
ap jysd-7f-716
ap jysd-8f-801
ap jysd-8f-803
ap jysd-8f-806
ap jysd-8f-807
ap jysd-8f-809
ap jysd-8f-811
ap jysd-8f-813
ap jysd-8f-817
ap jysd-8f-818
ap jysd-9f-901
ap jysd-9f-903
ap jysd-9f-906
ap jysd-9f-909
ap jysd-9f-911
ap jysd-9f-915
ap jysd-9f-917
ap jysd-9f-918
ap jysd-1f-hair
ap jysd-b1-room
ap jysd-10f-1001
ap jysd-10f-1003
ap jysd-10f-1006
ap jysd-10f-1007
ap jysd-10f-1009
ap jysd-10f-1011
ap jysd-10f-1015
ap jysd-10f-1017
ap jysd-10f-1018
ap jysd-11f-1103
ap jysd-11f-1106
ap jysd-11f-1109
ap jysd-11f-1115
ap jysd-11f-1117
ap jysd-11f-1118
ap jysd-12f-1201
ap jysd-12f-1203
ap jysd-12f-1206
ap jysd-12f-1207
  ---- More ----

#
interface NULL0
#
interface Vlan-interface90
#
interface Vlan-interface143
#
interface Vlan-interface300
ip address 192.168.99.1 255.255.255.0
#
interface Vlan-interface1004
#
interface Vlan-interface1430
portal server H3C method direct
portal domain dm1
portal nas-ip 218.6.130.58
#
interface Vlan-interface3000
ip address 22.22.22.1 255.255.255.0
#
interface Vlan-interface4000
ip address 218.6.130.58 255.255.255.252
#
interface Vlan-interface4001
ip address 10.0.0.2 255.255.255.240
#
interface M-GigabitEthernet1/0/0
ip address 192.168.1.100 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan all
shutdown
#
interface WLAN-ESS1
port access vlan 1100
#
interface WLAN-ESS2
port access vlan 1002
#
interface WLAN-ESS3
#
interface WLAN-ESS4
#
interface WLAN-ESS5
#               
interface WLAN-ESS6
#
interface WLAN-ESS7
port access vlan 1006
#
interface WLAN-ESS8
port access vlan 1100
#
interface WLAN-ESS9
port access vlan 2101
#
interface WLAN-ESS10
port access vlan 2000
#
interface WLAN-ESS11
port access vlan 2100
#
interface WLAN-ESS12
port access vlan 1200
#
interface WLAN-ESS13
port access vlan 2102
#               
interface WLAN-ESS14
port access vlan 1000
#
interface WLAN-ESS15
#
interface WLAN-ESS16
#
interface WLAN-ESS89
port access vlan 1420
#
interface WLAN-ESS90
port access vlan 1400
#
interface WLAN-ESS91
port access vlan 1410
#
interface WLAN-ESS92
port access vlan 1400
#
interface WLAN-ESS93
port access vlan 1500
#
interface WLAN-ESS94
port access vlan 1500
#
interface WLAN-ESS95
port access vlan 1500
#
interface WLAN-ESS96
port access vlan 2102
#
interface WLAN-ESS97
port access vlan 1100
#
interface WLAN-ESS98
port access vlan 1009
#
interface WLAN-ESS99
port access vlan 1500
#
interface WLAN-ESS100
port access vlan 1100
#
interface WLAN-ESS101
port link-type hybrid
port hybrid vlan 1 1500 untagged
port hybrid pvid vlan 1500
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$fvOmjTxbD/TDNuda0f++tMM1XcjAvioMoks6nT5+
#
interface WLAN-ESS102
port link-type hybrid
port hybrid vlan 1 1500 untagged
port hybrid pvid vlan 1500
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$FyTdsPbQAaJ6zfOPxLqJ5+f3gEHpmzGfT0AWtS2C
#
interface WLAN-ESS1430
description portal test
#
interface WLAN-ESS1431
port access vlan 1430
#
interface WLAN-ESS1500
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 1500 untagged
port hybrid pvid vlan 1500
#
wlan ap 0cda-4106-7760 model WA2612 id 64
priority level 7
serial-id 219801A0E8C133005889
radio 1
  service-template 9
  radio enable
#
wlan ap 0cda-4106-79c0 model WA2612 id 58
priority level 7
serial-id 219801A0E8C133005927
radio 1
  service-template 9
  radio enable
#

#
wlan load-balance-group 1
description μ?D?3o??¥2?¥°ì1?êò
ap dx-3hao-2f-office-1 radio 1
ap dx-3hao-2f-office-1 radio 2
ap dx-3hao-2f-office-6 radio 1
ap dx-3hao-2f-office-6 radio 2
ap dx-3hao-2f-office-8 radio 1
ap dx-3hao-2f-office-8 radio 2
ap dx-3hao-2f-office-7 radio 1
ap dx-3hao-2f-office-7 radio 2
ap dx-3hao-2f-office-3 radio 1
ap dx-3hao-2f-office-3 radio 2
ap dx-3hao-2f-office-2 radio 1
ap dx-3hao-2f-office-2 radio 2
ap dx-3hao-2f-office-9 radio 1
ap dx-3hao-2f-office-9 radio 2
ap dx-3hao-2f-office-4 radio 1
ap dx-3hao-2f-office-4 radio 2
ap dx-3hao-2f-office-5 radio 1
ap dx-3hao-2f-office-5 radio 2
ap dx-3hao-2f-office-10 radio 1
ap dx-3hao-2f-office-10 radio 2
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
  attack-detect-policy default
  malformed-detect-policy default
  signature-policy default
  countermeasure-policy default
#
ip route-static 0.0.0.0 0.0.0.0 218.6.130.57
ip route-static 10.10.10.0 255.255.255.0 10.0.0.14
ip route-static 10.10.20.0 255.255.255.0 10.0.0.14
ip route-static 10.10.30.0 255.255.255.0 10.0.0.14
ip route-static 10.10.40.0 255.255.255.0 10.0.0.14
ip route-static 10.10.50.0 255.255.255.0 10.0.0.14
ip route-static 10.10.60.0 255.255.255.0 10.0.0.14
ip route-static 10.10.70.0 255.255.255.0 10.0.0.14
ip route-static 10.10.80.0 255.255.255.0 10.0.0.14
ip route-static 10.10.90.0 255.255.255.0 10.0.0.14
ip route-static 10.10.100.0 255.255.255.0 10.0.0.14
ip route-static 10.10.110.0 255.255.255.0 10.0.0.14
ip route-static 10.10.120.0 255.255.255.0 10.0.0.14
ip route-static 10.10.130.0 255.255.255.0 10.0.0.14
#
undo info-center enable
undo info-center logfile enable
#
snmp-agent
snmp-agent local-engineid 800063A2035CDD70C3B930
snmp-agent community read public
snmp-agent sys-info version all
#
dhcp enable
#
arp-snooping enable
#
wlan option client-reject 15
wlan option client-reconnect-trigger 20
wlan option roam-navigation level 10 20 1
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
[NC-2F-H3C-WX6108E-AC1]                 



回复

使用道具 举报

登录 发布 快速回复 返回顶部 返回列表