Direct Portal Authentication Lab Summary


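Wireless Direct Portal Authentication

1. Networking requirements

● Users connect through wireless SSIDs. Per business requirements, users access the network through three subnets (VLAN 20, VLAN 30 and VLAN 40). The AP management address uses the VLAN 10 subnet. All gateways are on the AC, and addresses are obtained through DHCP on the AC.

● Portal authentication must be enabled when users connect.

2. Network diagram

3. Configuration approach

● Configure the portal function on the WX3024E

● Configure the IMC server

4. Configuration details

● The AC configuration is as follows: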

[H3C_AC-1]disp cu

#

version 5.20, Release 3507P18

#

sysname H3C_AC-1

#

domain default enable h3c

#

telnet server enable

#

port-security enable

#

portal server imc ip 192.168.1.11 key cipher $c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEz url http://192.168.1.11:8080/portal server-type imc

#

oap management-ip 192.168.0.101 slot 0

#

password-recovery enable

#

vlan 1

#

vlan 10

description to_AP

#

vlan 20

description _User

#

vlan 30

description to_User

#

vlan 40

description to_User

#

vlan 100

description to_IMC

#

vlan 1000

description to_Router

#

radius scheme imc

server-type extended

primary authentication 192.168.1.11

primary accounting 192.168.1.11

key authentication cipher $c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1

key accounting cipher $c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38i

nas-ip 192.168.1.254

#

domain h3c

authentication portal radius-scheme imc

authorization portal radius-scheme imc

accounting portal radius-scheme imc

access-limit disable

state active

idle-cut disable

self-service-url disable

domain system

access-limit disable

state active

idle-cut disable

self-service-url disable

#

dhcp server ip-pool vlan10

network 192.168.10.0 mask 255.255.255.0

gateway-list 192.168.10.254

dns-list 8.8.8.8

option 43 hex 80070000 01C0A80A FE

#

dhcp server ip-pool vlan20

network 172.16.20.0 mask 255.255.255.0

gateway-list 172.16.20.254

dns-list 8.8.8.8

#

dhcp server ip-pool vlan30

network 172.16.30.0 mask 255.255.255.0

gateway-list 172.16.30.254

dns-list 8.8.8.8

#

dhcp server ip-pool vlan40

network 172.16.40.0 mask 255.255.255.0

gateway-list 172.16.40.254

dns-list 8.8.8.8

#

user-group system

group-attribute allow-guest

#

local-user admin

password cipher $c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pD

authorization-attribute level 3

service-type telnet

#

wlan rrm

dot11a mandatory-rate 6 12 24

dot11a supported-rate 9 18 36 48 54

dot11b mandatory-rate 1 2

dot11b supported-rate 5.5 11

dot11g mandatory-rate 1 2 5.5 11

dot11g supported-rate 6 9 12 18 24 36 48 54

#

wlan service-template 1 crypto

ssid H3C-VLAN20

bind WLAN-ESS 20

cipher-suite ccmp

security-ie wpa

service-template enable

#

wlan service-template 2 crypto

ssid H3C-VLAN30

bind WLAN-ESS 30

cipher-suite ccmp

security-ie wpa

service-template enable

#

wlan service-template 3 crypto

ssid H3C-VLAN40

bind WLAN-ESS 40

cipher-suite ccmp

security-ie wpa

service-template enable

#

wlan ap-group default_group

ap ap1

#

interface Bridge-Aggregation1

port link-type trunk

undo port trunk permit vlan 1

port trunk permit vlan 10 20 30 40 100 1000

#

interface NULL0

#

interface Vlan-interface1

ip address 192.168.0.100 255.255.255.0

#

interface Vlan-interface10

description to_User

ip address 192.168.10.254 255.255.255.0

#
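
As an added example (not part of the original lab write-up and not H3C tooling), the following Python script decodes the `option 43 hex` value from the vlan10 DHCP pool above and checks that every AC address handed to APs is an address configured on the AC itself. It assumes the sub-option layout type 0x80, length, two-byte server type 0x0000, address count, IPv4 addresses; the function names and the embedded config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the AC configuration on this page.
CONFIG = """\
dhcp server ip-pool vlan10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.254
 option 43 hex 80070000 01C0A80A FE
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
interface Vlan-interface10
 ip address 192.168.10.254 255.255.255.0
"""

def decode_option43(hex_text):
    """Decode an option 43 payload into a list of AC IPv4 addresses.

    Assumed layout: type 0x80, 1-byte length, 2-byte server type (0x0000),
    1-byte address count, then count * 4 address bytes.
    """
    raw = bytes.fromhex(re.sub(r"\s+", "", hex_text))
    if len(raw) < 5 or raw[0] != 0x80:
        raise ValueError("not a type-0x80 sub-option")
    length, server_type, count = raw[1], raw[2:4], raw[4]
    body = raw[5:]
    if length != len(raw) - 2:
        raise ValueError("length byte does not match payload size")
    if server_type != b"\x00\x00":
        raise ValueError("unexpected server type")
    if count == 0 or len(body) != 4 * count:
        raise ValueError("address count does not match payload size")
    return [ipaddress.IPv4Address(body[i:i + 4]) for i in range(0, len(body), 4)]

def audit(config):
    """Return (advertised AC addresses, those not configured on any interface)."""
    local = {ipaddress.IPv4Address(ip)
             for ip in re.findall(r"^\s*ip address (\S+) \S+", config, re.M)}
    advertised = []
    for payload in re.findall(r"^\s*option 43 hex ([0-9A-Fa-f ]+)$", config, re.M):
        advertised += decode_option43(payload)
    return advertised, [ip for ip in advertised if ip not in local]

if __name__ == "__main__":
    advertised, unknown = audit(CONFIG)
    print("advertised AC addresses:", [str(ip) for ip in advertised])
    print("not on a local interface:", [str(ip) for ip in unknown])
```

An address reported as not on a local interface means APs in that pool would be directed to a controller other than this AC, which is worth confirming before the pool goes live.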
