ZhuoMai-Portal對(duì)接實(shí)例

1、1.對(duì)接愛快拓?fù)洌合嚓P(guān)上網(wǎng)地址：愛快LAN：/24Portal地址：/24 GAT DNS:9認(rèn)證終端地址：-54/24 GAT DNS:9配置前需：不開啟認(rèn)證情況用戶終端可通過網(wǎng)關(guān)正常上網(wǎng)；開啟認(rèn)證portal服務(wù)器能和認(rèn)證終端正常通信。網(wǎng)關(guān)對(duì)接設(shè)置：（常見IP設(shè)置請(qǐng)參考愛快手冊(cè)）Radius對(duì)接（IP以及訪問參考卓邁計(jì)費(fèi)配置手冊(cè)）添加地區(qū)添加NAS（添加完后需要應(yīng)用配置）添加限速模板添加套餐模板（公共賬號(hào)沒有什么時(shí)間

2、限制）添加公共賬號(hào)Portal對(duì)接設(shè)置（常見IP上網(wǎng)參數(shù)設(shè)置請(qǐng)參考卓邁portal手冊(cè)）以上配置完畢后效果：用戶接入認(rèn)證網(wǎng)絡(luò)主動(dòng)彈出認(rèn)證頁面點(diǎn)擊一鍵認(rèn)證，認(rèn)證成功。其余認(rèn)證方式請(qǐng)閱讀以后接下來的認(rèn)證方式對(duì)應(yīng)配置。2.對(duì)接華為交換機(jī)以對(duì)接華為9303交換機(jī)為例拓?fù)淙A為9303相關(guān)配置domain hw /必須設(shè)置要與AAA domain一致/radius配置radius-server template rd_portal -radius模板 radius-server shared-key cipher 123456 -共享密鑰 radius-server authentication 172.

3、16.45.253 1812 -認(rèn)證地址端口 radius-server accounting 53 1813 -計(jì)費(fèi)地址端口 radius-server retransmit 2 timeout 10 -轉(zhuǎn)發(fā)超時(shí)次數(shù) undo radius-server user-name domain-included -認(rèn)證不帶域 calling-station-id mac-format dot-split mode2 -MAC上傳radius格式/portal設(shè)置web-auth-server portal -建立portal模板 server-ip 53

4、 -設(shè)置portal地址 port 50100 -設(shè)置跳轉(zhuǎn)地址 shared-key cipher 123456 -設(shè)置密鑰 url 53 -設(shè)置端口50100/AAA配置aaa -認(rèn)證計(jì)費(fèi)均采用radius模板 authentication-scheme 999 authentication-mode radiusaccounting-scheme 888 accounting-mode radiusdomain hw authentication-scheme 999 accounting-scheme 888 radius-server rd_porta

5、l/IP相關(guān)配置ip pool vlan9 -設(shè)置dhcp gateway-list 54 network mask lease day 0 hour 4 minute 0 dns-list 14interface Vlanif8 -設(shè)置vlan8IP ip address 54 interface Vlanif9 -設(shè)置vlan9IP并開啟dhcp ip address 54 dhcp select glo

6、balinterface GigabitEthernet1/0/1 port link-type access port default vlan 8interface GigabitEthernet1/0/2 port link-type access port default vlan 9ip route-static -設(shè)置默認(rèn)網(wǎng)關(guān)/portal配置應(yīng)用interface Vlanif9 ip address 54 dhcp select globalweb-auth-server po

7、rtal layer3 -開啟portal認(rèn)證 /認(rèn)證白名單portal free-rule 1 destination ip 54 mask 55portal free-rule 2 destination ip 53 mask 55portal free-rule 3 destination ip 14 mask 55-排除網(wǎng)關(guān)、portal服務(wù)器、DNSRadius對(duì)接（IP以及訪問參考卓邁計(jì)費(fèi)配置手冊(cè)）添加地區(qū)添加NAS（添加完后需要應(yīng)用配置

8、）添加限速模板添加套餐模板（公共賬號(hào)沒有什么時(shí)間限制）添加公共賬號(hào)Portal對(duì)接設(shè)置（常見IP上網(wǎng)參數(shù)設(shè)置請(qǐng)參考卓邁portal手冊(cè)）以上配置完畢后效果：用戶接入認(rèn)證網(wǎng)絡(luò)主動(dòng)彈出認(rèn)證頁面點(diǎn)擊一鍵認(rèn)證，認(rèn)證成功。其余認(rèn)證方式請(qǐng)閱讀以后接下來的認(rèn)證方式對(duì)應(yīng)配置。3.對(duì)接華為AC以對(duì)接華為AC6005為例拓?fù)洌合嚓P(guān)配置:1、將無線認(rèn)證用戶及設(shè)備劃分到VLAN20vlan 20 description user_vlan2、配置Radius認(rèn)證模板radius-server template radius_portalradius-server shared-key cipher 123456rad

9、ius-server authentication 1812 weight 80radius-server accounting 1813 weight 80undo radius-server user-name domain-includedurl-template name urlTemplate_03、配置Portal認(rèn)證對(duì)接的參數(shù)web-auth-server portalserver-ip port 50100shared-key cipher 123456url url

10、-template urlTemplate_04、配置無線認(rèn)證用戶的地址池、網(wǎng)關(guān)及DNSip pool vlan20gateway-list network mask lease day 0 hour 2 minute 0 dns-list 145、配置AAA模板Domain aaa authentication-scheme radius_portal authentication-mode radius accounting-scheme radius_portal accounting-mo

11、de radius domain authentication-scheme radius_portal accounting-scheme radius_portal radius-server radius_portal 6、配置地址以及在Vlan20中啟用Portal認(rèn)證interface Vlanif1ip address interface Vlanif10ip address interface Vlanif20ip address 255.255.255

12、.0 web-auth-server portal directdhcp select global7.認(rèn)證白名單：網(wǎng)關(guān)DNSPortalportal free-rule 1 destination ip mask 55portal free-rule 2 destination ip mask 55portal free-rule 3 destination ip 14 mask 558、其他配置如下：interface GigabitEth

13、ernet0/0/1port link-type accessport default vlan 20interface GigabitEthernet0/0/2port link-type accessport default vlan 10ip route-static 配置Radius：參考對(duì)接華為交換機(jī)中配置配置portal：參考對(duì)接華為交換機(jī)中配置配置成功后能達(dá)到效果：連接wifi彈出認(rèn)證界面點(diǎn)擊一鍵認(rèn)證認(rèn)證成功4.對(duì)接H3C交換機(jī)拓?fù)?. 配置步驟(1) IAG 配置# 配置Portal server，其中key 和端口號(hào)根據(jù)具

14、體組網(wǎng)配置。portal server 8042 ip key 123456 url # 配置portal free-rule，允許客戶端在未進(jìn)行Portal 認(rèn)證之前訪問網(wǎng)關(guān)。portal free-rule 0 source any destination ip mask 55# 配置portal free-rule，允許客戶端在未進(jìn)行Portal 認(rèn)證之前訪問DNS 服務(wù)器。portal free-rule 1 source any destination ip 192.168.

15、10.2 mask 55# 配置Radius 服務(wù)器。radius scheme 8042primary authentication key 123456primary accounting key 123456user-name-format without-domainnas-ip # 配置認(rèn)證域。domain 8042authentication portal radius-scheme 8042authorization portal radius-scheme 8042accoun

16、ting portal radius-scheme 8042access-limit disablestate activeidle-cut enable 10 102400self-service-url disable# 配置DHCP server 地址池。dhcp server ip-pool 1network mask gateway-list dns-list 14expired day 0 hour 12# 配置接口。interface Ten-GigabitEthernet0/0.2vl

17、an-type dot1q vid 248ip address # 配置ARP 授權(quán)，禁止不經(jīng)DHCP 分配的IP 地址的訪問。arp authorized enabledhcp update arp# 啟用Portal。portal server 8042 method direct# 指定Portal 認(rèn)證域。portal domain 8042# 指定與Portal server 交互的IP 地址，必須本機(jī)上存在的IP 地址。portal nas-ip # 配置探測(cè)用戶ARP。access-user detect type arp