开启辅助访问 设为首页     收藏本站     HTTPS安全访问
 找回密码
 立即注册

H3C AC 2540E对接OpenPortal实现Mac快速认证+Portal认证

admin 回复:0 | 查看:14686 | 发表于 2017-9-3 20:30:30 |阅读模式 |复制链接
H3C AC 2540E对接OpenPortal实现Mac快速认证+Portal认证

[dekang_wifi_ac]dis cur
#
version 5.20, ESS 3703P61
#
sysname dekang_wifi_ac
#
domain default enable system
#
telnet server enable
#
port-security enable
#
portal server portal ip 192.168.1.200 key cipher $c$3$HvAfoBtP1Df32V1IHvMxT39jK/8wRSw2Kg== url http://192.168.1.200 server-type imc
portal free-rule 0 source ip 202.99.224.68 mask 255.255.255.255 destination ip any
portal free-rule 1 source ip any destination ip 202.99.224.68 mask 255.255.255.255
portal free-rule 2 source ip 192.168.1.200 mask 255.255.255.255 destination ip any
portal free-rule 3 source ip any destination ip 192.168.1.200 mask 255.255.255.255
portal free-rule 4 source ip 192.168.1.201 mask 255.255.255.255 destination ip any
portal free-rule 5 source ip any destination ip 192.168.1.201 mask 255.255.255.255
portal free-rule 6 source ip 192.168.1.1 mask 255.255.255.255 destination ip any
portal free-rule 7 source ip any destination ip 192.168.1.1 mask 255.255.255.255
portal free-rule 8 source interface GigabitEthernet1/0/4 destination any
portal server portal server-detect method http action permit-all interval 600 retry 5
portal mac-trigger server ip 192.168.1.200
portal url-param include user-mac param-name mac
portal url-param include nas-ip param-name basip
portal url-param include ap-mac param-name apmac
portal url-param include user-url param-name url
portal url-param include user-ip param-name wlanuserip
portal url-param include ac-name param-name nasname
portal url-param include ssid param-name ssid
#
wlan auto-ap enable
#
password-recovery enable
#
vlan 1
#
radius scheme portal
primary authentication 192.168.1.200 key cipher $c$3$/AzcOIo1rq2uc2DaQYdO5v/R44pb7xOcgg==
primary accounting 192.168.1.200 key cipher $c$3$DuydrtD6FSjInSJLooQn8ekqG4Zr0cWzeg==
user-name-format without-domain
nas-ip 192.168.1.201
#
domain portal
authentication portal radius-scheme portal
authorization portal radius-scheme portal
accounting portal radius-scheme portal
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier af operator and
#
dhcp server ip-pool wifi
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.201
dns-list 202.99.224.68
domain-name wifi
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$WEnwGMALAExve//zPLv3EIAxvwK0u/NgUpS3GVWcDXub
authorization-attribute level 3
service-type telnet terminal
service-type ftp
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan forwarding-policy 1
classifier acl 2000 behavior remote
#
wlan service-template 1 clear
ssid DeKangYiYuan_WIFI
bind WLAN-ESS 0
service-template enable
#
wlan ap-group default_group
ap dk_wifi     
#
interface Cellular1/0/1
async mode protocol
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.201 255.255.255.0
portal server portal method direct
portal domain portal
portal nas-ip 192.168.1.201
portal url-param nas-ip 192.168.1.201
portal mac-trigger server ip 192.168.1.200
portal mac-trigger enable
#
interface GigabitEthernet1/0/5
port link-mode route
#
interface GigabitEthernet1/0/6
port link-mode route
#
interface GigabitEthernet1/0/1
port link-mode bridge
#
interface GigabitEthernet1/0/2
port link-mode bridge
#
interface GigabitEthernet1/0/3
port link-mode bridge
#
interface GigabitEthernet1/0/4
port link-mode bridge
#
interface WLAN-ESS0
port link-type hybrid
port hybrid vlan 1 untagged
#
wlan ap dk_wifi model WA4320-ACN-D id 1
serial-id 219801A11H816AE00575
radio 1
  service-template 1
  radio enable
radio 2
  service-template 1
  radio enable
#               
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
  attack-detect-policy default
  malformed-detect-policy default
  signature-policy default
  countermeasure-policy default
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
dhcp enable
#
ntp-service refclock-master 2
#
load xml-configuration
#
user-interface con 0
user-interface tty 4
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
[dekang_wifi_ac]  

回复

使用道具 举报

登录 发布 快速回复 返回顶部 返回列表