Direct Portal Authentication Lab Summary

Wireless direct portal authentication

1. Networking requirements

Users connect through wireless SSIDs. Per the business requirements, users connect through three network segments (vlan20, vlan30 and vlan40), the AP management addresses use the vlan10 segment, all gateways are on the AC, and addresses are obtained from the DHCP server on the AC.
Portal authentication must be enabled when users connect.

2. Network diagram

3. Configuration approach

Configure the portal function on the WX3024E.
Configure the IMC server.

4. Configuration details

The AC configuration is as follows:

<H3C_AC-1>disp cu
#
 version 5.20, Release 3507P18
#
 sysname H3C_AC-1
#
 domain default enable h3c
#
 telnet server enable
#
 port-security enable
#
 portal server imc ip 192.168.1.11 key cipher $c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEz url http://192.168.1.11:8080/portal server-type imc
#
 oap management-ip 192.168.0.101 slot 0
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description to_AP
#
vlan 20
 description _User
#
vlan 30
 description to_User
#
vlan 40
 description to_User
#
vlan 100
 description to_IMC
#
vlan 1000
 description to_Router
#
radius scheme imc
 server-type extended
 primary authentication 192.168.1.11
 primary accounting 192.168.1.11
 key authentication cipher $c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1
 key accounting cipher $c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38i
 nas-ip 192.168.1.254
#
domain h3c
 authentication portal radius-scheme imc
 authorization portal radius-scheme imc
 accounting portal radius-scheme imc
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool vlan10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.254
 dns-list 8.8.8.8
 option 43 hex 80070000 01C0A80A FE
#
dhcp server ip-pool vlan20
 network 172.16.20.0 mask 255.255.255.0
 gateway-list 172.16.20.254
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan30
 network 172.16.30.0 mask 255.255.255.0
 gateway-list 172.16.30.254
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan40
 network 172.16.40.0 mask 255.255.255.0
 gateway-list 172.16.40.254
 dns-list 8.8.8.8
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pD
 authorization-attribute level 3
 service-type telnet
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid H3C-VLAN20
 bind WLAN-ESS 20
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan service-template 2 crypto
 ssid H3C-VLAN30
 bind WLAN-ESS 30
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan service-template 3 crypto
 ssid H3C-VLAN40
 bind WLAN-ESS 40
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan ap-group default_group
 ap ap1
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface10
 description to_User
 ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface20
 description to_User
 ip address 172.16.20.254 255.255.255.0
 portal server imc method direct
#
interface Vlan-interface30
 description to_User
 ip address 172.16.30.254 255.255.255.0
#
interface Vlan-interface40
 description to_User_vlan40
 ip address 172.16.40.254 255.255.255.0
#
interface Vlan-interface100
 description to_IMC
 ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface1000
 description to_Router
 ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
interface WLAN-ESS20
 port access vlan 20
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase 12345678
#
interface WLAN-ESS30
 port access vlan 30
 port-security port-mo
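
A check a reviewer can run against the AC configuration above, as an added example that is not part of the original write-up or of any H3C tool: it splits a Comware configuration dump on its "#" separator lines and reports which of the user VLANs named in the requirements (20, 30, 40) have no "portal server ... method direct" line on their Vlan-interface, and which WLAN-ESS interfaces carry a pre-shared key as a plain pass-phrase. The embedded sample is a trimmed excerpt of the configuration shown above; the function names are assumptions of this example.

```python
import re

# Trimmed excerpt of the AC configuration shown above (descriptions omitted).
SAMPLE_CONFIG = """\
#
interface Vlan-interface20
 ip address 172.16.20.254 255.255.255.0
 portal server imc method direct
#
interface Vlan-interface30
 ip address 172.16.30.254 255.255.255.0
#
interface Vlan-interface40
 ip address 172.16.40.254 255.255.255.0
#
interface WLAN-ESS20
 port access vlan 20
 port-security port-mode psk
 port-security preshared-key pass-phrase 12345678
#
"""

def sections(config):
    """Map each section header to its sub-commands, splitting on '#' lines."""
    out = {}
    for block in re.split(r"^#[ \t]*$", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def vlans_missing_portal(config, user_vlans):
    """User VLANs whose Vlan-interface lacks a direct portal binding."""
    secs = sections(config)
    return [v for v in sorted(user_vlans)
            if not any(re.fullmatch(r"portal server \S+ method direct", l)
                       for l in secs.get(f"interface Vlan-interface{v}", []))]

def cleartext_psks(config):
    """(interface, passphrase) pairs where the PSK is not stored as a cipher."""
    return [(head, m.group(1))
            for head, body in sections(config).items() for l in body
            if (m := re.fullmatch(r"port-security preshared-key pass-phrase (\S+)", l))]

if __name__ == "__main__":
    print("user VLANs without portal:", vlans_missing_portal(SAMPLE_CONFIG, {20, 30, 40}))
    print("plain pass-phrase PSKs:", cleartext_psks(SAMPLE_CONFIG))
```

A VLAN whose Vlan-interface section is absent from the dump is reported as missing, so a truncated export is flagged rather than passed.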