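Huawei/H3C configuration case: Portal authentication, mac-trigger fast authentication, MAC seamless authentication and RADIUS authentication/accounting, integrated with an external Portal authentication and accounting system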
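Introduction:

OpenPortal is a network admission authentication and accounting system. It supports username/password authentication, SMS authentication, DingTalk authorization authentication, WeChat authentication, WeChat Official Account authentication, quiz authentication, video-countdown authentication, face-recognition authentication, visitor QR-code authorization authentication, authentication combined with LDAP/AD domains, extended authentication through third-party OA systems, and various other authentication modes. It also supports techniques such as secondary proxy dial-up authentication, user self-registration, and self-service selection of billing plans with payment through Alipay or WeChat.

It can be integrated with all Huawei AC controllers that support Portal authentication, such as the AC6005 and AC6605; all Layer 3 switches that support Portal authentication, such as the S5700, S7606, 7706 and 7703; all access routers that support Portal authentication, such as the Huawei AR-6280; and multi-service gateway BRAS devices such as the me60 and ma5200.

OpenPortal comprises a Portal protocol authentication system plus a RADIUS AAA authentication, accounting and authorization system. It supports the CMCC V1 and V2 protocol standards, Huawei Portal protocol V1 and V2, and others; the RADIUS standards RFC2865 and RFC2866; MAC-priority fast MAC authentication and seamless authentication based on the CMCC standard mac-trigger protocol and the mac auth standard; and a range of access policy settings such as rate-limit policy delivery, ACL delivery and ip-pool delivery.

Requirements:

The H3C-WX series AC controller can act as the egress gateway for PPPoE dial-up and leased-line connections. The device supports L2TP (a deployment mode that provides cloud authentication and accounting service in dial-up or multi-dial dynamic-IP network environments), supports MAC fast seamless authentication over the mac-trigger protocol together with Portal authentication, supports both the CMCC protocol mode and the IMC protocol mode, and supports VAP-based rate limiting and delivery of vcl policies.

The topology is as follows: [topology diagram]

Device configuration: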
```
******************************************************************************
* Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

login: admin
Password:
<H3C-WX2510H>sys
System View: return to User View with Ctrl+Z.
[H3C-WX2510H]dis cur
#
 version 7.1.064, Release 5226
#
 sysname H3C-WX2510H
#
 telnet server enable
#
 dialer-group 1 rule ip permit
#
 dhcp enable
#
 password-recovery enable
#
vlan 1
#
vlan 100
#
vlan 200
#
dhcp server ip-pool wlan
 gateway-list 172.16.0.1
 network 172.16.0.0 mask 255.255.255.0
 dns-list 114.114.114.114 202.98.192.67
 forbidden-ip 172.16.0.1
 forbidden-ip 172.16.0.10
#
interface Dialer0
 ppp chap password cipher $c$3$MnsrYXKEg3UAugDLYToYM+rvweSIr2YBdw==
 ppp chap user 0851xxxxxxxx
 dialer bundle enable
 dialer-group 1
 dialer timer idle 0
 dialer timer autodial 60
 ip address ppp-negotiate
 nat outbound
#
interface Virtual-PPP1
 ppp chap password cipher $c$3$hgiYV2peyVHqfHszwP0PeYvpne1lIQ==
 ppp chap user xxxxxxxx
 ip address ppp-negotiate
 l2tp-auto-client l2tp-group 1
#
interface NULL0
#
interface Vlan-interface100
 ip address 192.168.0.20 255.255.255.0
 nat outbound
 undo dhcp select server
#
interface Vlan-interface200
 ip address 172.16.0.1 255.255.255.0
 dhcp server apply ip-pool wlan
 portal enable method direct
 portal domain v5
 portal bas-ip 10.0.0.100
 portal fail-permit server v5
 portal apply web-server v5
 portal apply mac-trigger-server v5
 portal fail-permit web-server
 portal outbound-filter enable
#
interface GigabitEthernet1/0/5
 port link-mode route
 description wan
 shutdown
 pppoe-client dial-bundle-number 0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 200 untagged
 port hybrid pvid vlan 200
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 100
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 100
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 100
#
 scheduler logfile size 16
#
line class console
 user-role network-admin
#
line class vty
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 31
 authentication-mode scheme
 user-role network-operator
#
 ip route-static 0.0.0.0 0 192.168.0.254
 ip route-static 0.0.0.0 0 Dialer0 preference 100
 ip route-static 10.0.0.1 32 Virtual-PPP1
#
 undo info-center logfile enable
#
acl advanced 3000
 rule 0 deny ip destination 114.114.114.114 0
 rule 10 permit ip
#
 radius session-control enable
 radius nas-ip 192.168.0.20
#
radius scheme portal
 primary authentication 192.168.0.1
 primary accounting 192.168.0.1
 key authentication cipher $c$3$luljjvSNrw/TiOjAFHbig+9EmAtbbSy/Ow==
 key accounting cipher $c$3$2QBlzJAD/HaBi3qkXtkZ5aqfSXwq6eVObg==
 timer realtime-accounting 5
 user-name-format without-domain
 nas-ip 192.168.0.20
#
radius scheme v5
 primary authentication 10.0.0.1
 primary accounting 10.0.0.1
 key authentication cipher $c$3$gkLbvh+cFPOjtAYvqTzGIpQDlUkUqFTtww==
 key accounting cipher $c$3$1G2kuCiURMD6ywMsvhnznS3K8KIVYhViRQ==
 timer realtime-accounting 5
 user-name-format without-domain
 nas-ip 10.0.0.100
#
radius dynamic-author server
 client ip 192.168.0.1 key cipher $c$3$ZritD/wSB3Dx8xkoJqDXOuuc0izCVlfsvQ==
 client ip 10.0.0.1 key cipher $c$3$imaB4mamtOkg0YB8nPzyA6RJ0HJg5htCYA==
#
domain portal
 authorization-attribute idle-cut 600 10240
 authentication portal radius-scheme portal
 authorization portal radius-scheme portal
 accounting portal radius-scheme portal
#
domain system
#
domain v5
 authorization-attribute idle-cut 600 10240
 authentication portal radius-scheme v5
 authorization portal radius-scheme v5
 accounting portal radius-scheme v5
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$V6l15zHsaTdPV4Et$mYd9zqUrfLD/gay4+cnAkQGdlh0BbYKYWgVNgVGR9IL9CwR5ueibOiXVom1E5/ZbZMR7tEHpz2Iil+0tcj3CIw==
 service-type telnet http https
 authorization-attribute user-role network-admin
#
l2tp-group 1 mode lac
 lns-ip 39.108.188.100
 undo tunnel authentication
#
 l2tp enable
#
 portal nas-port-id format 4
 portal host-check enable
 portal free-rule 0 source ip 192.168.0.1 255.255.255.255 destination ip any
 portal free-rule 1 source ip any destination ip 192.168.0.1 255.255.255.255
 portal free-rule 10 source ip 114.114.114.114 255.255.255.255 destination ip any
 portal free-rule 11 source ip any destination ip 114.114.114.114 255.255.255.255
 portal free-rule 12 source ip 118.118.118.9 255.255.255.255 destination ip any
 portal free-rule 13 source ip any destination ip 118.118.118.9 255.255.255.255
 portal free-rule 14 source ip 118.118.118.7 255.255.255.255 destination ip any
 portal free-rule 15 source ip any destination ip 118.118.118.7 255.255.255.255
 portal free-rule 16 source ip 202.98.198.167 255.255.255.255 destination ip any
 portal free-rule 17 source ip any destination ip 202.98.198.167 255.255.255.255
 portal free-rule 18 source ip 202.98.192.67 255.255.255.255 destination ip any
 portal free-rule 19 source ip any destination ip 202.98.192.67 255.255.255.255
 portal free-rule 20 source ip 39.108.188.100 255.255.255.255 destination ip any
 portal free-rule 21 source ip any destination ip 39.108.188.100 255.255.255.255
#
portal web-server portal
 url http://192.168.0.1/html_phone_all/index.html
 server-detect interval 60 retry 2 trap
 server-type cmcc
 url-parameter basip value 192.168.0.20
 url-parameter mac source-mac
 url-parameter url original-url
 url-parameter vlan vlan
 url-parameter wlanuserip source-address
#
portal web-server v5
 url https://portal.openportal.com.cn/index_choose
 server-type cmcc
 url-parameter basip value 10.0.0.100
 url-parameter mac source-mac
 url-parameter url original-url
 url-parameter vlan vlan
 url-parameter wlanuserip source-address
#
portal server portal
 ip 192.168.0.1 key cipher $c$3$btxt8S1jS5tOQlrl+xVpvuaJFUJJLITTlg==
 server-detect trap
 server-type cmcc
#
portal server v5
 ip 10.0.0.1 key cipher $c$3$Tru54pt2cHm4xVo17Vl+bdJ3epbN6GO3Vw==
 server-type cmcc
#
 ip http enable
 ip https enable
#
portal mac-trigger-server portal
 ip 192.168.0.1 key cipher $c$3$T6WO1a9vipUaJJbV6jZgkSAFnKnxJTvJEA==
 server-type cmcc
 binding-retry 1
 aaa-fail nobinding enable
#
portal mac-trigger-server v5
 ip 10.0.0.1 key cipher $c$3$gT5/4cnmESqMniE2zxUQlu2sKswhntmM7A==
 server-type cmcc
 binding-retry 1
 aaa-fail nobinding enable
#
wlan global-configuration
#
wlan ap-group default-group
 vlan 1
#
return
```

[Screenshots of the OpenPortal integration]
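The configuration above contains several settings worth reviewing before deployment: Telnet management, plain-HTTP device and portal access, `undo tunnel authentication` on the L2TP group, `portal fail-permit`, and reversibly encrypted `cipher` secrets left in the dump. The Python check below is an added example, not part of the original article or of OpenPortal, that flags those lines per configuration view; the rule list, the finding texts and the function name `audit` are this example's own assumptions.

```python
import re

# Rules: (regex matched against one stripped config line, finding text).
RULES = [
    (r"^telnet server enable$", "Telnet management enabled (cleartext login)"),
    (r"^ip http enable$", "device HTTP service enabled (unencrypted web access)"),
    (r"^undo tunnel authentication$", "L2TP tunnel authentication disabled"),
    (r"^portal fail-permit\b", "fail-permit: users pass unauthenticated if the server is down"),
    (r"^url http://", "portal page URL uses plain HTTP"),
    (r"\bcipher \$c\$", "reversible secret in dump; redact before sharing"),
]

def audit(config_text):
    """Return (view, line, finding) tuples for a Comware configuration dump."""
    findings, view = [], "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":      # '#' ends the current view
            view = "global"
            continue
        if not raw[0].isspace():         # an unindented line opens a view
            view = line
        for pattern, text in RULES:
            if re.search(pattern, line):
                findings.append((view, line, text))
    return findings

# Constructed sample: lines trimmed from the configuration above, key redacted.
SAMPLE = """#
 telnet server enable
#
interface Vlan-interface200
 portal fail-permit server v5
#
l2tp-group 1 mode lac
 undo tunnel authentication
#
portal web-server portal
 url http://192.168.0.1/html_phone_all/index.html
#
portal web-server v5
 url https://portal.openportal.com.cn/index_choose
#
portal server v5
 ip 10.0.0.1 key cipher $c$3$REDACTED
"""

if __name__ == "__main__":
    print("\n".join(f"[{v}] {l}: {t}" for v, l, t in audit(SAMPLE)))
```

Run it on a saved `display current-configuration` output by passing the file contents to `audit()`; the view name in each finding shows where the setting lives.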