网络配置——portal服务器配置

Portal服务器是基于web进行认证的机制，属于B/S架构。通过和RADIUS进行配合，可以呈现用户连网弹网页，输入用户名密码后即可上网。

当前portal认真的相关版本：

各家厂家的版本各有差异，公有标准的为portal2.0标准。

而portal3.0是为IPv6进行的适配。

 这里H3C的portal2.0是CMCC的标准。也是通用标准接口。

H3C AC相关配置：

版本V5，型号：LSQ1WCMD0（板卡式AC）

配置portal认证：

portal server sundray_portal ip 10.0.10.22 url http://10.0.10.22/?url_id=1607641 server-type cmcc      #配置URL及协议版本

portal free-rule 3 source ip 10.10.160.0 mask 255.255.224.0 destination ip any                                     #白名单，写入后网段或Ip地址或端口不用进行认证。

portal wlan ssid Expo_Center_Free server sundray_portal domain dsf-portal                                          #SSID号和domain想对应

portal mac-trigger server ip 10.0.10.22

 #配置URL代的参数                                                                                                    

portal url-param include user-mac
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac param-name apmac
portal url-param include user-url
portal url-param include user-ip

portal其他参数：

portal host-check wlan
portal silent ios optimize
portal safe-redirect enable
portal safe-redirect method get post
portal safe-redirect user-agent Andriod
portal safe-redirect user-agent CaptiveNetworkSupport

配置radius参数：

radius scheme dsf-portal
server-type extended
primary authentication 10.0.10.22
primary accounting 10.0.10.22     
key authentication cipher $c$3$6FpFlPjx7jpCsVhgflm6nH8YiOrEnAuT+w==     #默认为123456
key accounting cipher $c$3$LRr7EjHcuPutYY0eopNZgytQc9FIUx7+hw==         #该为计费系统的秘钥：默认123456
user-name-format without-domain
nas-ip 10.0.2.246
accounting-on enable interval 15 

配置域名：

domain dsf-portal
authentication portal radius-scheme dsf-portal
authorization portal radius-scheme dsf-portal
accounting portal radius-scheme dsf-portal
access-limit disable
state active
idle-cut enable 5 10240
self-service-url disable  

 

华为portal认证配置：

Huawei AC6605   版本：V200R006C10SPC100

radius-server template ndkey-wcc-radius
radius-server shared-key cipher %^%##]iND0f2x8p_=EWjzY2.I`(FUy/INB>`7_:+~f+I%^%#
radius-server authentication 10.0.10.22 1812 weight 80
radius-server accounting 10.0.10.22 1813 weight 80
radius-server authorization 10.0.10.22 shared-key cipher %^%#{"E%OMEJ31zjZtU(7U*/C~Q#/n6gX+;nqtMMxI^E%^%#

 

free-rule-template name default_free_rule
free-rule 0 destination ip 61.128.128.68 mask 255.255.255.255 source ip any
free-rule 2 destination ip any source ip 192.168.250.0 mask 255.255.255.0 

 

url-template name ndkey-wcc-web
url http://10.0.10.22/?url_id=16077300
url-parameter redirect-url redirect-url ssid ssid user-ipaddress user-ipaddress user-mac user-mac

web-auth-server ndkey-wcc-web-ser
server-ip 10.0.10.22
port 50100
shared-key cipher %^%#:q@[M'^_j)HG2Z!2s8_!==&p,\VR#Esp(UDMt=}Q%^%#
url http://10.0.10.22/?url_id=16077300
url-template ndkey-wcc-web

 

portal-access-profile name portal1701
web-auth-server ndkey-wcc-web-ser direct
#
portal-access-profile name portal1702
web-auth-server ndkey-wcc-web-ser direct 

 

aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme ndkey-wcc-radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme ndkey-wcc-radius
accounting-mode radius
domain default
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius
domain default_admin
domain huawei.com
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius