Direct Portal Authentication Lab Summary (Portal Authentication Study Notes)
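Wireless direct portal authentication
1. Networking requirements
Users connect through wireless SSIDs. Per the business requirements, users are placed in three network segments, VLAN 20, VLAN 30 and VLAN 40. The AP management address uses the VLAN 10 segment. All gateways are on the AC, and addresses are obtained from the DHCP server on the AC.
Portal authentication must be enabled when users connect.
2. Network diagram
3. Configuration approach
Configure the portal function on the WX3024E
Configure the IMC server
4. Configuration details
The AC configuration is as follows: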
[H3C_AC-1]disp cu
#
 version 5.20, Release 3507P18
#
 sysname H3C_AC-1
#
 domain default enable h3c
#
 telnet server enable
#
 port-security enable
#
 portal server imc ip 192.168.1.11 key cipher $c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEz url http://192.168.1.11:8080/portal server-type imc
#
 oap management-ip 192.168.0.101 slot 0
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description to_AP
#
vlan 20
 description _User
#
vlan 30
 description to_User
#
vlan 40
 description to_User
#
vlan 100
 description to_IMC
#
vlan 1000
 description to_Router
#
radius scheme imc
 server-type extended
 primary authentication 192.168.1.11
 primary accounting 192.168.1.11
 key authentication cipher $c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1
 key accounting cipher $c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38i
 nas-ip 192.168.1.254
#
domain h3c
 authentication portal radius-scheme imc
 authorization portal radius-scheme imc
 accounting portal radius-scheme imc
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool vlan10
 network 192.168.10.0 mask 255.255.255.0
 gateway-list 192.168.10.254
 dns-list 8.8.8.8
 option 43 hex 80070000 01C0A80A FE
#
dhcp server ip-pool vlan20
 network 172.16.20.0 mask 255.255.255.0
 gateway-list 172.16.20.254
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan30
 network 172.16.30.0 mask 255.255.255.0
 gateway-list 172.16.30.254
 dns-list 8.8.8.8
#
dhcp server ip-pool vlan40
 network 172.16.40.0 mask 255.255.255.0
 gateway-list 172.16.40.254
 dns-list 8.8.8.8
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pD
 authorization-attribute level 3
 service-type telnet
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 crypto
 ssid H3C-VLAN20
 bind WLAN-ESS 20
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan service-template 2 crypto
 ssid H3C-VLAN30
 bind WLAN-ESS 30
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan service-template 3 crypto
 ssid H3C-VLAN40
 bind WLAN-ESS 40
 cipher-suite ccmp
 security-ie wpa
 service-template enable
#
wlan ap-group default_group
 ap ap1
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface10
 description to_User
 ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface20
 description to_User
 ip address 172.16.20.254 255.255.255.0
 portal server imc method direct
#
interface Vlan-interface30
 description to_User
 ip address 172.16.30.254 255.255.255.0
#
interface Vlan-interface40
 description to_User_vlan40
 ip address 172.16.40.254 255.255.255.0
#
interface Vlan-interface100
 description to_IMC
 ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface1000
 description to_Router
 ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
interface WLAN-ESS20
 port access vlan 20
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase 12345678
#
interface WLAN-ESS30
 port access vlan 30
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase 12345678
#
interface WLAN-ESS40
 port access vlan 40
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase 12345678
#
wlan ap ap1 model WA3620i-AGN id 1
 serial-id 210235A1BBC146000073
 radio 1
  service-template 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  channel 6
  service-template 1
  service-template 2
  service-template 3
  radio enable
#
 ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
#
wlan ips
 malformed-detect-policy default
 signature deauth_flood signature-id 1
 signature broadcast_deauth_flood signature-id 2
 signature disassoc_flood signature-id 3
 signature broadcast_disassoc_flood signature-id 4
 signature eapol_logoff_flood signature-id 5
 signature eap_success_flood signature-id 6
 signature eap_failure_flood signature-id 7
 signature pspoll_flood signature-id 8
 signature cts_flood signature-id 9
 signature rts_flood signature-id 10
 signature addba_req_flood signature-id 11
 signature-policy default
 countermeasure-policy default
 attack-detect-policy default
 virtual-security-domain default
  attack-detect-policy default
  malformed-detect-policy default
  signature-policy default
  countermeasure-policy default
#
 dhcp server forbidden-ip 192.168.10.254
 dhcp server forbidden-ip 172.16.20.254
 dhcp server forbidden-ip 172.16.30.254
 dhcp server forbidden-ip 172.16.40.254
#
 dhcp enable
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
return
The switch configuration is as follows:
disp cu
#
 version 5.20, Release 3507P18
#
 sysname H3C-SW01
#
 domain default enable system
#
 telnet server enable
#
 oap management-ip 192.168.0.100 slot 1
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description to_AP
#
vlan 20
 description to_User-vlan20
#
vlan 30
 description to_User-vlan30
#
vlan 40
 description to_User-vlan40
#
vlan 100
 description to_IMC
#
vlan 1000
 description to_Router
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher $c$3$078okxl+RPQFofPe76YXbYryBRI3uMKv
 authorization-attribute level 3
 service-type telnet
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.101 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 20 30 40
 port trunk pvid vlan 10
 poe enable
#
interface GigabitEthernet1/0/2
 port access vlan 100
 poe enable
#
interface GigabitEthernet1/0/3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 1000
 poe enable
#
interface GigabitEthernet1/0/4
 poe enable
#
interface GigabitEthernet1/0/5
 poe enable
#
interface GigabitEthernet1/0/6
 poe enable
#
interface GigabitEthernet1/0/7
 poe enable
#
interface GigabitEthernet1/0/8
 poe enable
#
interface GigabitEthernet1/0/9
 poe enable
#
interface GigabitEthernet1/0/10
 poe enable
#
interface GigabitEthernet1/0/11
 poe enable
#
interface GigabitEthernet1/0/12
 poe enable
#
interface GigabitEthernet1/0/13
 poe enable
#
interface GigabitEthernet1/0/14
 poe enable
#
interface GigabitEthernet1/0/15
 poe enable
#
interface GigabitEthernet1/0/16
 poe enable
#
interface GigabitEthernet1/0/17
 poe enable
#
interface GigabitEthernet1/0/18
 poe enable
#
interface GigabitEthernet1/0/19
 poe enable
#
interface GigabitEthernet1/0/20
 poe enable
#
interface GigabitEthernet1/0/21
 poe enable
#
interface GigabitEthernet1/0/22
 poe enable
#
interface GigabitEthernet1/0/23
 poe enable
#
interface GigabitEthernet1/0/24
 poe enable
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
interface GigabitEthernet1/0/29
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
interface GigabitEthernet1/0/30
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20 30 40 100 1000
 port link-aggregation group 1
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
#
return
5. IMC configuration:
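Configure the access device:
In the navigation bar, select "User -> Access Policy Management -> Access Device Management -> Access Device Configuration" and click the button. On the "Add Access Device" page, configure the parameters as shown in the figure below.
Configure the access policy:
In iMC, under "User > Access Policy Management", select "Access Policy Management". On the "Access Policy Management" page, click the button and configure the parameters as shown in the figure below:
Configure service management:
In iMC, under "User > Access Policy Management", select "Access Service Management". On the "Access Service Management" page, click the button and configure the parameters as shown in the figure below:
Configure user management:
In iMC, under "User > User Management", select "All Users". On the "All Users" page, click the button and make the selection, then configure the parameters as shown in the figure below:
Portal server configuration:
In iMC, under "User > Access Policy Management > Portal Server Management", select "Server Management". On the "Server Management" page, configure the parameters as shown in the figure below (the defaults mostly do not need to be changed):
IP address group configuration:
In iMC, under "User > Access Policy Management > Portal Server Management", select "IP Address Group Configuration". On the "IP Address Group" page, click the button and configure the parameters as shown in the figure below:
Device configuration:
In iMC, under "User > Access Policy Management > Portal Server Management", select "Device Configuration". On the "Device Configuration" page, click the button and configure the parameters as shown in the figure below:
Port group configuration:
In iMC, under "User > Access Policy Management > Portal Server Management > Device Configuration", select "Port Group Configuration". On the "Port Group Configuration" page, configure the parameters as shown in the figure below: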
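6. Result verification:
Open Internet Explorer and browse to any website to trigger portal authentication. On the page that pops up, enter the user name and password and click "Log in" (上线).
Note: the IMC version used here is V7.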
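An added check, not part of the original write-up: the requirements in section 1 place users in VLAN 20, 30 and 40, while the AC configuration shown above carries "portal server imc method direct" only under Vlan-interface20. The Python sketch below parses a "#"-separated Comware-style excerpt (constructed from the page's Vlan-interface sections) and reports which user VLAN gateways have no portal binding; the function names are hypothetical.

```python
import re

# Constructed excerpt: Vlan-interface sections of the AC config on this page (descriptions omitted).
AC_CONFIG = """\
interface Vlan-interface10
 ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface20
 ip address 172.16.20.254 255.255.255.0
 portal server imc method direct
#
interface Vlan-interface30
 ip address 172.16.30.254 255.255.255.0
#
interface Vlan-interface40
 ip address 172.16.40.254 255.255.255.0
#
"""
USER_VLANS = {20, 30, 40}  # user segments named in the networking requirements

def parse_sections(text):
    """Map each section header to its sub-commands; a lone '#' line separates sections."""
    sections = {}
    for chunk in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            sections[lines[0]] = lines[1:]
    return sections

def portal_coverage(text, user_vlans=USER_VLANS):
    """Return {vlan: (server, method) or None} for every user VLAN gateway."""
    coverage = {vlan: None for vlan in user_vlans}
    for header, cmds in parse_sections(text).items():
        m = re.fullmatch(r"interface Vlan-interface(\d+)", header)
        if not m or int(m.group(1)) not in user_vlans:
            continue  # AP management, IMC and uplink VLANs are out of scope
        for cmd in cmds:
            p = re.fullmatch(r"portal server (\S+) method (\S+)", cmd)
            if p:
                coverage[int(m.group(1))] = p.groups()
    return coverage

def unprotected_vlans(text, user_vlans=USER_VLANS):
    """User VLANs whose gateway interface is missing or has no portal binding."""
    return sorted(v for v, b in portal_coverage(text, user_vlans).items() if b is None)

if __name__ == "__main__":
    print(unprotected_vlans(AC_CONFIG))
```

Run against a saved "display current-configuration" output, the same functions show whether clients on each user SSID would be redirected to the portal before the browser test in section 6 is attempted.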