Portal服務器是基於web進行認證的機制,屬於B/S架構。通過和RADIUS進行配合,可以呈現用戶連網彈網頁,輸入用戶名密碼后即可上網。
當前portal認真的相關版本:
各家廠家的版本各有差異,公有標准的為portal2.0標准。
而portal3.0是為IPv6進行的適配。
這里H3C的portal2.0是CMCC的標准。也是通用標准接口。
H3C AC相關配置:
版本V5,型號:LSQ1WCMD0(板卡式AC)
配置portal認證:
portal server sundray_portal ip 10.0.10.22 url http://10.0.10.22/?url_id=1607641 server-type cmcc #配置URL及協議版本
portal free-rule 3 source ip 10.10.160.0 mask 255.255.224.0 destination ip any #白名單,寫入后網段或Ip地址或端口不用進行認證。
portal wlan ssid Expo_Center_Free server sundray_portal domain dsf-portal #SSID號和domain想對應
portal mac-trigger server ip 10.0.10.22
#配置URL代的參數
portal url-param include user-mac
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac param-name apmac
portal url-param include user-url
portal url-param include user-ip
portal其他參數:
portal host-check wlan
portal silent ios optimize
portal safe-redirect enable
portal safe-redirect method get post
portal safe-redirect user-agent Andriod
portal safe-redirect user-agent CaptiveNetworkSupport
配置radius參數:
radius scheme dsf-portal
server-type extended
primary authentication 10.0.10.22
primary accounting 10.0.10.22
key authentication cipher $c$3$6FpFlPjx7jpCsVhgflm6nH8YiOrEnAuT+w== #默認為123456
key accounting cipher $c$3$LRr7EjHcuPutYY0eopNZgytQc9FIUx7+hw== #該為計費系統的秘鑰:默認123456
user-name-format without-domain
nas-ip 10.0.2.246
accounting-on enable interval 15
配置域名:
domain dsf-portal
authentication portal radius-scheme dsf-portal
authorization portal radius-scheme dsf-portal
accounting portal radius-scheme dsf-portal
access-limit disable
state active
idle-cut enable 5 10240
self-service-url disable
華為portal認證配置:
Huawei AC6605 版本:V200R006C10SPC100
radius-server template ndkey-wcc-radius
radius-server shared-key cipher %^%##]iND0f2x8p_=EWjzY2.I`(FUy/INB>`7_:+~f+I%^%#
radius-server authentication 10.0.10.22 1812 weight 80
radius-server accounting 10.0.10.22 1813 weight 80
radius-server authorization 10.0.10.22 shared-key cipher %^%#{"E%OMEJ31zjZtU(7U*/C~Q#/n6gX+;nqtMMxI^E%^%#
free-rule-template name default_free_rule
free-rule 0 destination ip 61.128.128.68 mask 255.255.255.255 source ip any
free-rule 2 destination ip any source ip 192.168.250.0 mask 255.255.255.0
url-template name ndkey-wcc-web
url http://10.0.10.22/?url_id=16077300
url-parameter redirect-url redirect-url ssid ssid user-ipaddress user-ipaddress user-mac user-mac
web-auth-server ndkey-wcc-web-ser
server-ip 10.0.10.22
port 50100
shared-key cipher %^%#:q@[M'^_j)HG2Z!2s8_!==&p,\VR#Esp(UDMt=}Q%^%#
url http://10.0.10.22/?url_id=16077300
url-template ndkey-wcc-web
portal-access-profile name portal1701
web-auth-server ndkey-wcc-web-ser direct
#
portal-access-profile name portal1702
web-auth-server ndkey-wcc-web-ser direct
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme ndkey-wcc-radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme ndkey-wcc-radius
accounting-mode radius
domain default
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius
domain default_admin
domain huawei.com
authentication-scheme ndkey-wcc-radius
accounting-scheme ndkey-wcc-radius
radius-server ndkey-wcc-radius