H3C AC V7 在接口下配置Portal认证-阿里云开发者社区

开发者社区> 技术小大人> 正文

H3C AC V7 在接口下配置Portal认证

简介:
+关注继续查看

[Nington_WX3510H_01]dis current-configuration 
#
version 7.1.064, Release 5117P14
#
sysname Nington_WX3510H_01
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
irf auto-merge enable
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 10.123.160.1
dhcp server forbidden-ip 10.123.160.254
dhcp server forbidden-ip 10.123.161.1
#
password-recovery enable
#
vlan 1
#
vlan 30
name server

vlan 160
name ap
#
vlan 161
name yewu
#
irf-port 1
#
dhcp server ip-pool ap
gateway-list 10.123.160.1
network 10.123.160.0 mask 255.255.255.0
dns-list 114.114.114.114
#
dhcp server ip-pool client
gateway-list 10.123.161.1
network 10.123.161.0 mask 255.255.255.0
dns-list 114.114.114.114
#
wlan service-template 1
ssid ND_H3CV7_LY
vlan 161
service-template enable

interface NULL0
#
interface Vlan-interface1
#
interface Vlan-interface160
ip address 10.123.160.1 255.255.255.0
#
interface Vlan-interface161
ip address 10.123.161.1 255.255.255.0
portal enable method direct
portal domain h3c
portal bas-ip 10.123.161.1
portal apply web-server am
portal apply mac-trigger-server ndkey
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 30 160 to 161
#
interface GigabitEthernet1/0/2
port access vlan 160

interface GigabitEthernet1/0/3
port access vlan 30
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 31
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 10.123.160.254
#
undo info-center logfile enable
#
radius session-control enable
#
radius scheme ndkey
primary authentication 192.168.222.192
primary accounting 192.168.222.192
key authentication cipher $c$3$ClvnzXNvJ4PpSXqebcZteQ2oKWOCJhCCAcaI
key accounting cipher $c$3$8vEW89B7vX89KWhLYj1i9i8HcwfI92FWkdSZ
user-name-format without-domain
nas-ip 10.123.161.1
#
radius dynamic-author server 
client ip 192.168.222.192 key cipher $c$3$KNxbCQYq4Rn0oNh6CHZrwSt6c34fkEm97XBJ
#
domain h3c 
authentication portal radius-scheme ndkey
authorization portal radius-scheme ndkey
accounting portal radius-scheme ndkey
#
domain system
#
domain default enable h3c
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role

role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$ey/uCDUk7m/eB+jx$0UepqE4Q46BMbZ7GrirRfhIUvBI/wLULX7YumphlgHk4EVos8RV4LZ8Ht7/TAlPXANTN5wWjwY+2k4jZguwKsA==
service-type telnet http https
authorization-attribute user-role network-admin
#
portal free-rule 1 source ip any destination ip 192.168.3.0 255.255.255.0
portal free-rule 2 source ip any destination ip 8.8.8.8 255.255.255.255
portal free-rule 3 source ip any destination ip 10.123.160.0 255.255.255.0
portal free-rule 4 source ip any destination ip 114.114.114.0 255.255.255.0
portal free-rule 5 source ip any destination ip 192.168.222.0 255.255.255.0
#
portal web-server am
url http://192.168.222.192:8080/am/portal/serviceId/SN1727240520/ac/H3CV7/ssid/ND_H3CV7_LY
server-type cmcc
url-parameter ssid ssid
url-parameter wlanacname value AC
url-parameter wlanuserip source-address
url-parameter wlanusermac source-mac
#
portal server am
ip 192.168.222.192 key cipher $c$3$i5xPYE7u5raqnCiogF0PONSz9EB6brmzDZn9
server-type cmcc
#
ip http enable
ip https enable
#
portal mac-trigger-server ndkey
ip 192.168.222.192
server-type cmcc
aaa-fail nobinding enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan global-configuration
firmware-upgrade enable

wlan ap-group default-group
vlan 1
#
wlan ap ap-01 model WA4320i-ACN 
serial-id 210235A1GPC163001309
vlan 1
radio 1
radio enable
service-template 1
radio 2
radio enable
service-template 1
gigabitethernet 1
gigabitethernet 2
#
return



本文转自    msft 博客,原文链接:     http://blog.51cto.com/victorly/2058224   如需转载请自行联系原作者


版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关文章
[教程]在CentOS7上配置 FTP服务器 Proftpd 支持 MySQL 虚拟用户加密认证以及磁盘限额(Quota)
本文软件采用 yum 安装,不需要编译,而且随时都可以跟随 CentOS 升级 Proftpd 到最新版本,以避免可能的漏洞攻击。利用 Proftpd 现成的配置以及设置好的各种模块,可以实现 sftp 和 ssh 的结合,完美的实现虚拟用户加密密码存放于数据库。
3731 0
nginx用户认证配置( Basic HTTP authentication)
ngx_http_auth_basic_module模块实现让访问着,只有输入正确的用户密码才允许访问web内容。web上的一些内容不想被其他人知道,但是又想让部分人看到。nginx的http auth模块以及Apache http auth都是很好的解决方案。
913 0
Spring Boot使用过滤器和拦截器分别实现REST接口简易安全认证
本文通过一个简易安全认证示例的开发实践,理解过滤器和拦截器的工作原理。
4844 0
951
文章
0
问答
文章排行榜
最热
最新
相关电子书
更多
文娱运维技术
立即下载
《SaaS模式云原生数据仓库应用场景实践》
立即下载
《看见新力量:二》电子书
立即下载