直接portal认证实验总结
无线直接portal认证
1.组网需求
●用户通过无线SSID接入。根据业务需求,接入用户分别通过vlan20、vlan30和vlan40共3个网段接入,AP管理地址使用vlan10网段;所有网关均在AC上,地址通过AC上的DHCP获取。
●用户接入时需要启用portal认证。
2.组网图
3.配置思路
●在WX3024E上配置portal功能
●配置IMC服务器
4.配置信息
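●AC配置如下(以下为display current-configuration的输出。其中key cipher、password cipher后的密文为本实验设备上的值,实际部署时应配置自己的密钥,且portal与RADIUS的共享密钥须与IMC服务器侧保持一致;本配置的设备管理方式为telnet,属明文传输,仅适合实验环境):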
[H3C_AC-1]disp cu
#
version 5.20, Release 3507P18
#
sysname H3C_AC-1
#
domain default enable h3c
#
telnet server enable
#
port-security enable
#
portal server imc ip 192.168.1.11 key cipher $c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEz url http://192.168.1.11:8080/portal server-type imc
#
oap management-ip 192.168.0.101 slot 0
#
password-recovery enable
#
vlan 1
#
vlan 10
description to_AP
#
vlan 20
description _User
#
vlan 30
description to_User
#
vlan 40
description to_User
#
vlan 100
description to_IMC
#
vlan 1000
description to_Router
#
radius scheme imc
server-type extended
primary authentication 192.168.1.11
primary accounting 192.168.1.11
key authentication cipher $c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1
key accounting cipher $c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38i
nas-ip 192.168.1.254
#
domain h3c
authentication portal radius-scheme imc
authorization portal radius-scheme imc
accounting portal radius-scheme imc
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
dns-list 8.8.8.8
option 43 hex 80070000 01C0A80A FE
#
dhcp server ip-pool vlan20
network 172.16.20.0 mask 255.255.255.0
gateway-list 172.16.20.254
dns-list 8.8.8.8
#
dhcp server ip-pool vlan30
network 172.16.30.0 mask 255.255.255.0
gateway-list 172.16.30.254
dns-list 8.8.8.8
#
dhcp server ip-pool vlan40
network 172.16.40.0 mask 255.255.255.0
gateway-list 172.16.40.254
dns-list 8.8.8.8
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pD
authorization-attribute level 3
service-type telnet
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
ssid H3C-VLAN20
bind WLAN-ESS 20
cipher-suite ccmp
security-ie wpa
service-template enable
#
wlan service-template 2 crypto
ssid H3C-VLAN30
bind WLAN-ESS 30
cipher-suite ccmp
security-ie wpa
service-template enable
#
wlan service-template 3 crypto
ssid H3C-VLAN40
bind WLAN-ESS 40
cipher-suite ccmp
security-ie wpa
service-template enable
#
wlan ap-group default_group
ap ap1
#
interface Bridge-Aggregation1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 10 20 30 40 100 1000
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface10
description to_User
ip address 192.168.10.254 255.255.255.0
#