开启辅助访问 设为首页     收藏本站     HTTPS安全访问
 找回密码
 立即注册

华为S5700 对接OpenPortal Portal协议WEB认证WIFI认证系统 Radius方式配置

admin 回复:0 | 查看:16133 | 发表于 2015-11-30 11:16:02 |阅读模式 |复制链接
华为S5700 对接OpenPortal Portal协议WEB认证WIFI认证系统 Radius方式配置


<ZDHZ-3LAYS>dis cur
#
!Software Version V200R001C00SPC300
sysname ZDHZ-3LAYS
#
vlan batch 100 200
#
web-auth-server version v2
portal free-rule 0 source ip 27.103.192.100 mask 255.255.255.255
portal free-rule 1 destination ip 27.103.192.100 mask 255.255.255.255
portal free-rule 2 destination ip 27.103.192.1 mask 255.255.255.255
portal free-rule 3 destination ip 27.103.32.1 mask 255.255.255.255
portal free-rule 4 destination ip 27.103.20.1 mask 255.255.255.255
portal free-rule 5 destination ip 27.103.192.6 mask 255.255.255.255
portal free-rule 6 source ip 27.103.192.6 mask 255.255.255.255
portal free-rule 7 source ip 27.103.192.1 mask 255.255.255.255
portal free-rule 8 source ip 27.103.20.1 mask 255.255.255.255
portal free-rule 9 source ip 27.103.32.1 mask 255.255.255.255
#
http server load s5700si-v200r001c00.001.web.zip
#
undo nap slave enable
#
dhcp enable
#
radius-server template radius            
radius-server shared-key simple LeeSon
radius-server authentication 27.103.192.6 1812
radius-server accounting 27.103.192.6 1813
radius-server retransmit 2
#
acl name JZW-BGW 3999
rule 1000 permit ip source 27.103.192.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 1001 permit ip source 192.168.1.0 0.0.0.255 destination 27.103.192.0 0.0.0.255
rule 1002 deny ip
#
web-auth-server openportal
server-ip 27.103.192.6
port 50100
shared-key cipher %$%$o%Dc%Q_i@QFB3l"6E@U(:YPG%$%$
url http://27.103.192.6
source-ip 27.103.192.100
#
vlan 200
description bgw
#
aaa
authentication-scheme default
authentication-scheme radius
  authentication-mode radius              
authorization-scheme default
accounting-scheme default
accounting-scheme radius
  accounting-mode radius
domain default
domain default_admin
domain leeson.com
  authentication-scheme radius
  accounting-scheme radius
  radius-server  radius
local-user admin password cipher %$%$O9hP7mbf4Q#E\vU4j#wX3ypg%$%$
local-user admin service-type http
local-user leeson password cipher %$%$f(>dEQ;]KHB]^6Ycod8&ywne%$%$
local-user leeson privilege level 15
#
interface Vlanif100
ip address 27.103.192.100 255.255.255.0
web-auth-server openportal layer3
#
interface Vlanif200
ip address 192.168.1.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.1.32
dhcp server excluded-ip-address 192.168.1.100 192.168.1.102
dhcp server excluded-ip-address 192.168.1.200
dhcp server excluded-ip-address 192.168.1.245 192.168.1.253
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
traffic-filter inbound acl name JZW-BGW
traffic-filter outbound acl name JZW-BGW
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/5            
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/9
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/11           
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/15
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/16
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/17           
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/18
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/19
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/20
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/21
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/22
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/23           
port link-type access
port default vlan 200
#
interface GigabitEthernet0/0/24
port link-type access
port default vlan 200
#
interface NULL0
#
ip route-static 27.103.20.0 255.255.255.0 27.103.192.1
ip route-static 27.103.32.0 255.255.255.0 27.103.192.1
ip route-static 27.103.192.0 255.255.255.0 Vlanif100
ip route-static 192.168.1.0 255.255.255.0 Vlanif200
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$bm3NDz%<NBQZ!^P.Awa2,!ulykCGCf0A+7D]X9=HL}YH#'{v%$%$
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
user-interface vty 16 20
#
port-group bgw
group-member GigabitEthernet0/0/9        
group-member GigabitEthernet0/0/10
group-member GigabitEthernet0/0/11
group-member GigabitEthernet0/0/12
group-member GigabitEthernet0/0/13
group-member GigabitEthernet0/0/14
group-member GigabitEthernet0/0/15
group-member GigabitEthernet0/0/16
group-member GigabitEthernet0/0/17
group-member GigabitEthernet0/0/18
group-member GigabitEthernet0/0/19
group-member GigabitEthernet0/0/20
group-member GigabitEthernet0/0/21
group-member GigabitEthernet0/0/22
group-member GigabitEthernet0/0/23
group-member GigabitEthernet0/0/24
group-member GigabitEthernet0/0/1
group-member GigabitEthernet0/0/2
group-member GigabitEthernet0/0/3
group-member GigabitEthernet0/0/4
group-member GigabitEthernet0/0/5
group-member GigabitEthernet0/0/6
group-member GigabitEthernet0/0/7
group-member GigabitEthernet0/0/8
#                                         
return
<ZDHZ-3LAYS>

回复

使用道具 举报

登录 发布 快速回复 返回顶部 返回列表