H3C WX5004 AC と Portal 2.0 の連携設定
トポロジ図
第一ステップ
ポータルサーバの設定
通過許可リスト(free-rule)の設定
DHCP、ゲートウェイ、DNS、上位接続(アップリンク)のIPなど
ポータルサーバのハートビート検出方式をHTTPに設定します。
radiusテンプレートの設定
ポータル認証ドメインの設定
第六ステップ
Portal認証を有効にする必要があるVLANインタフェースで、portalサーバと認証ドメインを有効にし、URLパラメータを設定します。
第一ステップ
ポータルサーバの設定(この例ではポータルURLが http:// のため、リダイレクト先の認証ページは平文HTTPで配信されます)
portal server portal ip 192.168.23.164 key cipher $c$3$ZqN5KTxVG3W38gw6jL8dith9Kf6qjr/2HA== url http://192.168.23.164 server-type imc
第二ステップ:通過許可リスト(free-rule)の設定
DHCP、ゲートウェイ、DNS、上位接続(アップリンク)のIPなど。free-rule に一致する通信は未認証の端末でも通過するため、登録は認証に必要な宛先だけに絞ります。
portal free-rule 2 source ip any destination ip 192.168.23.115 mask 255.255.255.255
portal free-rule 3 source ip any destination ip 61.139.2.69 mask 255.255.255.255
portal free-rule 4 source ip any destination ip 192.168.23.164 mask 255.255.255.255
portal free-rule 5 source ip any destination ip 192.168.23.1 mask 255.255.255.255
portal free-rule 7 source ip 192.168.23.115 mask 255.255.255.255 destination ip any
portal free-rule 8 source ip 61.139.2.69 mask 255.255.255.255 destination ip any
portal free-rule 9 source ip 192.168.23.164 mask 255.255.255.255 destination ip any
portal free-rule 10 source ip 192.168.23.1 mask 255.255.255.255 destination ip any
portal free-rule 11 source ip 30.0.0.1 mask 255.255.255.255 destination ip any
portal free-rule 12 source ip 100.0.0.1 mask 255.255.255.255 destination ip any
portal free-rule 13 source ip any destination ip 30.0.0.1 mask 255.255.255.255
portal free-rule 14 source ip any destination ip 100.0.0.1 mask 255.255.255.255
第三ステップ:ポータルサーバのハートビート検出方式をHTTPに設定します。action permit-all を指定しているため、サーバが到達不能と判定されている間はPortal認証が解除され、すべての端末が未認証のまま通過します(フェイルオープン)。
portal server portal server-detect method http action permit-all interval 500 retry 5
第四ステップ:RADIUSスキーム(radius scheme)の設定。key ... cipher の値は共有鍵を可逆な形式で保存したものなので、設定を共有・公開するときは伏せ字にします。
radius scheme office
server-type extended
primary authentication 192.168.23.164
primary accounting 192.168.23.164
key authentication cipher $c$3$HXrU88e5haRYKHd4vApmJ1dKpjcAUjHABQ/cbw==
key accounting cipher $c$3$eXB7odr8v02LfmSiaw5n2ddjlVH9Gahfupqhew==
user-name-format without-domain
nas-ip 30.0.0.1
第五ステップ:ポータル認証ドメインの設定
domain office
authentication portal radius-scheme office
authorization portal radius-scheme office
accounting portal radius-scheme office
access-limit disable
state active
idle-cut enable 60 10240
self-service-url disable
第六ステップ
Portal認証を有効にする必要があるVLANインタフェースで、portalサーバと認証ドメインを有効にし、URLパラメータを設定します。
interface Vlan-interface300
ip address 30.0.0.1 255.255.255.0
portal server portal method direct
portal domain office
portal nas-ip 30.0.0.1
portal url-param nas-ip 30.0.0.1
portal url-param include user-mac param-name mac
portal url-param include nas-ip param-name basip
portal url-param include user-url param-name url
portal url-param include user-ip param-name wlanuserip
portal url-param include ac-name param-name nasname
portal url-param include ssid param-name ssid
H3C WX5004 AC の全設定(管理アクセスは平文の telnet、SSID は暗号化なしの clear テンプレート、ログファイル出力は無効になっている点に注意。本番環境では見直しが必要です)
dis cur
#
version 5.20, Release 2509P33
#
sysname H3C
#
domain default enable system
#
telnet server enable
#
port-security enable
#
portal server portal ip 192.168.23.164 key cipher $c$3$ZqN5KTxVG3W38gw6jL8dith9Kf6qjr/2HA== url http://192.168.23.164 server-type imc
portal free-rule 2 source ip any destination ip 192.168.23.115 mask 255.255.255.255
portal free-rule 3 source ip any destination ip 61.139.2.69 mask 255.255.255.255
portal free-rule 4 source ip any destination ip 192.168.23.164 mask 255.255.255.255
portal free-rule 5 source ip any destination ip 192.168.23.1 mask 255.255.255.255
portal free-rule 7 source ip 192.168.23.115 mask 255.255.255.255 destination ip any
portal free-rule 8 source ip 61.139.2.69 mask 255.255.255.255 destination ip any
portal free-rule 9 source ip 192.168.23.164 mask 255.255.255.255 destination ip any
portal free-rule 10 source ip 192.168.23.1 mask 255.255.255.255 destination ip any
portal free-rule 11 source ip 30.0.0.1 mask 255.255.255.255 destination ip any
portal free-rule 12 source ip 100.0.0.1 mask 255.255.255.255 destination ip any
portal free-rule 13 source ip any destination ip 30.0.0.1 mask 255.255.255.255
portal free-rule 14 source ip any destination ip 100.0.0.1 mask 255.255.255.255
portal server portal server-detect method http action permit-all interval 500 retry 5
#
password-recovery enable
#
vlan 1
#
vlan 100
#
vlan 200
#
vlan 300
#
radius scheme office
server-type extended
primary authentication 192.168.23.164
primary accounting 192.168.23.164
key authentication cipher $c$3$HXrU88e5haRYKHd4vApmJ1dKpjcAUjHABQ/cbw==
key accounting cipher $c$3$eXB7odr8v02LfmSiaw5n2ddjlVH9Gahfupqhew==
user-name-format without-domain
nas-ip 30.0.0.1
#
domain office
authentication portal radius-scheme office
authorization portal radius-scheme office
accounting portal radius-scheme office
access-limit disable
state active
idle-cut enable 60 10240
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan100
network 100.0.0.0 mask 255.255.255.0
gateway-list 100.0.0.1
#
dhcp server ip-pool vlan300
network 30.0.0.0 mask 255.255.255.0
gateway-list 30.0.0.1
dns-list 61.139.2.69
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$h7QeElbuUvA3pUaJveaGL5x7dLlKamfx
authorization-attribute level 3
service-type telnet
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
ssid airocov_test
bind WLAN-ESS 1
client forwarding-mode local vlan 300
service-template enable
#
interface NULL0
#
interface Vlan-interface1
ip address dhcp-alloc
#
interface Vlan-interface100
ip address 100.0.0.1 255.255.255.0
#
interface Vlan-interface300
ip address 30.0.0.1 255.255.255.0
portal server portal method direct
portal domain office
portal nas-ip 30.0.0.1
portal url-param nas-ip 30.0.0.1
portal url-param include user-mac param-name mac
portal url-param include nas-ip param-name basip
portal url-param include user-url param-name url
portal url-param include user-ip param-name wlanuserip
portal url-param include ac-name param-name nasname
portal url-param include ssid param-name ssid
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 100 300
port trunk pvid vlan 100
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface Ten-GigabitEthernet1/0/5
#
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 200 untagged
port hybrid pvid vlan 200
mac-vlan enable
#
wlan ap-group default_group
ap officeap
#
wlan ap officeap model WA2620 id 1
map-configuration apcfg.txt
serial-id 219801A0D1C156001323
radio 1
radio 2
service-template 1 vlan-id 300
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
ip route-static 0.0.0.0 0.0.0.0 192.168.23.1
#
undo info-center logfile enable
#
dhcp enable
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return