版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
11/11直接portal认证实验总结无线直接portal认证
1.组网需求
●用户通过无线SSID接入,根据业务需求,接入用户通过vlan20、vlan30和vlan40,3
个网段接入,AP管理地址使用vlan10网段,所有网关在AC上,并且通过AC上的DHCP获取地址。
●用户接入时需要启用portal认证。
2.组网图
3.配置思路
●在WX3024E上配置portal功能
●配置IMC服务器
4.配置信息
●AC配置如下:
[H3C_AC-1]dispcu
#
version5.20,Release3507P18
#
sysnameH3C_AC-1
#
domaindefaultenableh3c
#
telnetserverenable
#
port-securityenable
#
portalserverimcip1keycipher$c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEzurl1:8080/portalserver-typeimc
#
oapmanagement-ip01slot0
#
password-recoveryenable
#
vlan1
#
vlan10
descriptionto_AP
#
vlan20
description_User
#
vlan30
descriptionto_User
#
vlan40
descriptionto_User
#
vlan100
descriptionto_IMC
#
vlan1000
descriptionto_Router
#
radiusschemeimc
server-typeextended
primaryauthentication1
primaryaccounting1
keyauthenticationcipher$c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1
keyaccountingcipher$c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38i
nas-ip54
#
domainh3c
authenticationportalradius-schemeimc
authorizationportalradius-schemeimc
accountingportalradius-schemeimc
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
domainsystem
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
#
dhcpserverip-poolvlan10
networkmask
gateway-list54
dns-list
option43hex8007000001C0A80AFE
#
dhcpserverip-poolvlan20
networkmask
gateway-list54
dns-list
#
dhcpserverip-poolvlan30
networkmask
gateway-list54
dns-list
#
dhcpserverip-poolvlan40
networkmask
gateway-list54
dns-list
#
user-groupsystem
group-attributeallow-guest
#
local-useradmin
passwordcipher$c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pDauthorization-attributelevel3
service-typetelnet
#
wlanrrm
dot11amandatory-rate61224
dot11asupported-rate918364854
dot11bmandatory-rate12
dot11bsupported-rate5.511
dot11gmandatory-rate125.511
dot11gsupported-rate69121824364854#
wlanservice-template1crypto
ssidH3C-VLAN20
bindWLAN-ESS20
cipher-suiteccmp
security-iewpa
service-templateenable
#
wlanservice-template2crypto
ssidH3C-VLAN30
bindWLAN-ESS30
cipher-suiteccmp
security-iewpa
service-templateenable
#
wlanservice-template3crypto
ssidH3C-VLAN40
bindWLAN-ESS40
cipher-suiteccmp
security-iewpa
service-templateenable
#
wlanap-groupdefault_group
apap1
#
interfaceBridge-Aggregation1
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan102030401001000#
interfaceNULL0
#
interfaceVlan-interface1
ipaddress00
#
interfaceVlan-interface10
descriptionto_User
ipaddress54
#
interfaceVlan-interface20
descriptionto_User
ipaddress54
portalserverimcmethoddirect
#
interfaceVlan-interface30
descriptionto_User
ipaddress54
#
interfaceVlan-interface40
descriptionto_User_vlan40
ipaddress54
#
interfaceVlan-interface100
descriptionto_IMC
ipaddress54
#
interfaceVlan-interface1000
descriptionto_Router
ipaddress52
#
interfaceGigabitEthernet1/0/1
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan102030401001000
portlink-aggregationgroup1
#
interfaceGigabitEthernet1/0/2
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan102030401001000
portlink-aggregationgroup1
#
interfaceWLAN-ESS20
portaccessvlan20
port-securityport-modepsk
port-securitytx-key-type11key
port-securitypreshared-keypass-phrase12345678#
interfaceWLAN-ESS30
portaccessvlan30
port-securityport-modepsk
port-securitytx-key-type11key
port-securitypreshared-keypass-phrase12345678
#
interfaceWLAN-ESS40
portaccessvlan40
ort-securityport-modepskp
port-securitytx-key-type11key
port-securitypreshared-keypass-phrase12345678wlanapap1modelWA3620i-AGNid1
serial-id210235A1BBC146000073
radio1
service-template1
service-template2
service-template3
radioenable
radio2
channel6
service-template1
service-template2
service-template3
radioenable
#
iproute-static
#
wlanips
malformed-detect-policydefault
signaturedeauth_floodsignature-id1
signaturebroadcast_deauth_floodsignature-id2signaturedisassoc_floodsignature-id3signaturebroadcast_disassoc_floodsignature-id4signatureeapol_logoff_floodsignature-id5signatureeap_success_floodsignature-id6signatureeap_failure_floodsignature-id7signaturepspoll_floodsignature-id8
signaturects_floodsignature-id9
signaturerts_floodsignature-id10
signatureaddba_req_floodsignature-id11signature-policydefault
countermeasure-policydefault
attack-detect-policydefault
virtual-security-domaindefault
attack-detect-policydefault
malformed-detect-policydefault
signature-policydefault
countermeasure-policydefault
#
dhcpserverforbidden-ip54dhcpserverforbidden-ip54dhcpserverforbidden-ip54dhcpserverforbidden-ip54#
dhcpenable
#
user-interfacecon0
user-interfacevty04
authentication-modescheme
userprivilegelevel3
#
return
交换机配置如下
dispcu
#
version5.20,Release3507P18
#
sysnameH3C-SW01
#
domaindefaultenablesystem
#
telnetserverenable
#
oapmanagement-ip00slot1#
password-recoveryenable
#
vlan1
#
vlan10
descriptionto_AP
#
vlan20
descriptionto_User-vlan20
#
vlan30
descriptionto_User-vlan30
#
vlan40
descriptionto_User-vlan40
#
vlan100
descriptionto_IMC
#
vlan1000
descriptionto_Router
#
domainsystem
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
#
user-groupsystem
#
local-useradmin
passwordcipher$c$3$078okxl+RPQFofPe76YXbYryBRI3uMKvauthorization-attributelevel3
service-typetelnet
#
interfaceBridge-Aggregation1
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan102030401001000
#
interfaceNULL0
#
interfaceVlan-interface1
ipaddress01
#
interfaceGigabitEthernet1/0/1
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan203040
porttrunkpvidvlan10
poeenable
#
interfaceGigabitEthernet1/0/2
portaccessvlan100
poeenable
#
interfaceGigabitEthernet1/0/3
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan1000
poeenable
#
interfaceGigabitEthernet1/0/4poeenable
#
interfaceGigabitEthernet1/0/5poeenable
#
interfaceGigabitEthernet1/0/6poeenable
#
interfaceGigabitEthernet1/0/7poeenable
#
interfaceGigabitEthernet1/0/8poeenable
#
interfaceGigabitEthernet1/0/9poeenable
#
interfaceGigabitEthernet1/0/10poeenable
#
interfaceGigabitEthernet1/0/11poeenable
#
interfaceGigabitEthernet1/0/12poeenable
#
interfaceGigabitEthernet1/0/13poeenable
#
interfaceGigabitEthernet1/0/14poeenable
#
interfaceGigabitEthernet1/0/15poeenable
#
interfaceGigabitEthernet1/0/16poeenable
#
interfaceGigabitEthernet1/0/17poeenable
#
interfaceGigabitEthernet1/0/18
poeenable
#
interfaceGigabitEthernet1/0/19
poeenable
#
interfaceGigabitEthernet1/0/20
poeenable
#
interfaceGigabitEthernet1/0/21
poeenable
#
interfaceGigabitEthernet1/0/22
poeenable
#
interfaceGigabitEthernet1/0/23
poeenable
#
interfaceGigabitEthernet1/0/24
poeenable
#
interfaceGigabitEthernet1/0/25
shutdown
#
interfaceGigabitEthernet1/0/26
shutdown
#
interfaceGigabitEthernet1/0/27
shutdown
#
interfaceGigabitEthernet1/0/28
shutdown
#
interfaceGigabitEthernet1/0/29
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan102030401001000portlink-aggregationgroup1
#
interfaceGigabitEthernet1/0/30
portlink-typetrunk
undoporttrunkpermitvlan1
porttrunkpermitvlan10203040100
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2024年高硅氧纤维穿刺织物项目建议书
- 2024年高清晰度电视(HDTV)配套集成电路合作协议书
- 防火门购销合同
- 2024年农药原药合作协议书
- 甜品店装修工程协议
- 生态园改造工程协议
- 美式风格装修合同细则
- 药品直供物流协议样本
- 特种车辆乘客运输合同范本
- 网络安全实验室改造协议
- 中国传统戏曲服饰元素在当代服装设计上的运用
- 2024年中国银行股份有限公司招聘笔试参考题库含答案解析
- 浙教版六年级劳动项目三-任务二《创意班规巧设计》课件
- 【单元专项】人教PEP版五年级上册英语-Unit 2 My week 阅读(含答案)
- 胶东国际机场
- 中国成人患者肠外肠内营养临床应用指南(2023版)
- 水工建筑物课程设计任务和指导书
- 蛋白的分离纯化
- 英汉互译单词练习打印纸
- 中学学生日常行为规范(2023版)
- 咽喉癌病历书写
评论
0/150
提交评论