admin 发表于 2015-11-30 11:17:20

H3C-MSR 2311 对接OpenPortal Portal协议WEB认证WIFI认证系统 配置

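H3C-MSR 2311 对接OpenPortal Portal协议WEB认证WIFI认证系统 配置

说明：以下为 `display current-configuration` 的终端输出。部分行为空或不完整（如 Ethernet0/1 下的 `ip address` 没有地址，Vlan-interface1 引用的 ACL 4000 未在清单中定义），可能在发布前做过删减，参考时请逐段核对，不要整段导入。清单中的 `key cipher`、`password cipher` 密文（Portal 密钥、RADIUS 共享密钥以及 admin/dot1x/h3c 本地用户口令）都是这台设备上的值，部署时必须换成自己生成的密钥和口令。与 Portal 对接直接相关的配置是 `portal server`、`portal free-rule`、`radius scheme radius`、`domain portal`，以及 Ethernet0/2.20 下的 `portal server portal method direct`。其中 `server-detect ... action permit-all` 表示探测不到 Portal 服务器时放行全部用户，认证 URL 使用明文 HTTP，这两点需按自身安全要求评估。另外，Ethernet0/2.20 的 192.169.20.0/24 不在 ACL 3000、ACL 3100 所写的 192.169.0.0 0.0.15.255 范围内，清单中也没有对应的 DHCP 地址池，需核对；192.169.0.0/16 也不属于 RFC 1918 私有地址段（私有段是 192.168.0.0/16）。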

2015/8/12 13:13:39
<H3C-MSR>dis      
<H3C-MSR>display cu      
<H3C-MSR>display current-configuration
#
version 5.20, Release 2311
#
sysname H3C-MSR
#
ftp server enable
#
l2tp enable
#
firewall enable
#
nat address-group 1
nat aging-time udp 180
#
domain default enable system
#
dar p2p signature-file flash:/p2p_default.mtd
#
lldp enable
#
qos carl 1 destination-ip-address range 192.169.0.31 to 192.169.0.254 per-address shared-bandwidth
qos carl 10 source-ip-address range 192.169.0.31 to 192.169.0.254 per-address shared-bandwidth
#
portal server portal ip 192.169.0.20 key cipher $c$3$tmKimwpWYurgJSFeXElUKoFApV9rMZ6xfw== url http://192.169.0.20:8080
portal free-rule 0 source ip any destination ip 218.201.4.3 mask 255.255.255.255
portal free-rule 1 source ip any destination ip 192.169.0.20 mask 255.255.255.255
portal server portal server-detect method http action permit-all interval 60 retry 5
#
ip http port 9000
#
blacklist enable
#
acl number 3000
rule 0 permit ip source 192.169.0.0 0.0.15.255
rule 1 permit ip source 192.169.101.0 0.0.0.255
rule 100 deny ip
acl number 3002 name LAN-Defend
rule 0 deny tcp destination-port eq 135
rule 1 deny udp destination-port eq 135
rule 2 deny tcp destination-port eq 139
rule 3 deny udp destination-port eq netbios-dgm
rule 4 deny udp destination-port eq netbios-ns
rule 5 deny udp destination-port eq netbios-ssn
rule 6 deny tcp destination-port eq 137
rule 7 deny tcp destination-port eq 138
rule 8 deny udp destination-port eq 136
rule 200 permit icmp
rule 300 permit ip source 192.169.0.0 0.0.15.255
rule 301 permit ip source 192.169.101.0 0.0.0.255
rule 302 permit ip source 192.169.99.0 0.0.0.7
rule 303 permit udp destination-port eq bootps
rule 400 deny ip
acl number 3003 name WAN-Defend
rule 0 deny tcp destination-port eq 135
rule 1 deny udp destination-port eq 135
rule 2 deny udp destination-port eq netbios-dgm
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-ssn
rule 5 deny tcp destination-port eq 139
rule 6 deny tcp destination-port eq 137
rule 7 deny tcp destination-port eq 138
rule 8 deny udp destination-port eq 136

rule 300 permit udp source-port eq dns
rule 400 permit ip destination 192.169.0.0 0.0.15.255
rule 401 permit ip destination 192.169.101.0 0.0.0.255
rule 402 permit ip destination 192.169.99.0 0.0.0.7
rule 403 permit tcp destination-port eq 22
rule 404 permit tcp destination-port eq www
rule 405 permit tcp destination-port eq 443
rule 406 permit udp destination-port eq 1701
rule 407 deny ip
acl number 3100
description inside access domain-server
rule 10 deny ip source 192.169.10.0 0.0.0.255
rule 11 deny ip source 192.169.11.0 0.0.0.255
rule 12 deny ip source 192.169.12.0 0.0.0.255
rule 13 deny ip source 192.169.13.0 0.0.0.255
rule 14 deny ip source 192.169.14.0 0.0.0.255
rule 15 deny ip source 192.169.15.0 0.0.0.255
rule 100 permit ip source 192.169.0.0 0.0.15.255 destination 192.169.0.20 0
rule 1000 deny ip
#


#
vlan 1
#
radius scheme radius
primary authentication 192.169.0.20 1645 key cipher $c$3$pBtH9ea/vw5AfpLwHPg20KlJE1fGRKNHJw==
primary accounting 192.169.0.20 1646 key cipher $c$3$iZTSbzm+q0xelQbsrxER90iYAQKV6aORPA==
timer realtime-accounting 3
#
domain portal
authentication portal radius-scheme radius local
authorization portal radius-scheme radius local
accounting portal radius-scheme radius local
access-limit disable
state active
idle-cut disable
self-service-url disable
domain pppoe
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 3 192.169.101.2 192.169.101.254
domain pppoe-server-10
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 10 192.169.10.2 192.169.10.254
domain pppoe-server-11
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 11 192.169.11.2 192.169.11.254
domain pppoe-server-12
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 12 192.169.12.2 192.169.12.254
domain pppoe-server-13
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 13 192.169.13.2 192.169.13.254
domain pppoe-server-14
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 14 192.169.14.2 192.169.14.254
domain pppoe-server-15
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ip pool 15 192.169.15.2 192.169.15.254
domain system   
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 2 192.169.99.2 192.169.99.10
#
pki entity ssl
common-name ssl
organization-unit xxzx
organization gxgs
locality chongqing
state chongqing
country cn
#
pki domain ssl
ca identifier ssl
certificate request from ra
certificate request entity ssl
crl check disable
#
dhcp server ip-pool 1
network 192.169.0.0 mask 255.255.255.0
gateway-list 192.169.0.1
dns-list 218.201.4.3 218.201.17.2
expired day 5
#
dhcp server ip-pool vlan-10
network 192.169.10.0 mask 255.255.255.0
gateway-list 192.169.10.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-11
network 192.169.11.0 mask 255.255.255.0
gateway-list 192.169.11.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-12
network 192.169.12.0 mask 255.255.255.0
gateway-list 192.169.12.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-13
network 192.169.13.0 mask 255.255.255.0
gateway-list 192.169.13.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-14
network 192.169.14.0 mask 255.255.255.0
gateway-list 192.169.14.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-15
network 192.169.15.0 mask 255.255.255.0
gateway-list 192.169.15.1
dns-list 218.201.4.3 218.201.21.132
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$OPmwVHESNbfHNXczEeMcdq2DmRDCR7kmS/E=
authorization-attribute level 3
service-type ssh terminal
service-type ftp
service-type web
local-user dot1x
password cipher $c$3$nWqagHMVZB63q5qHyLqXBdUlHB39vQ2RPnE=
service-type lan-access
local-user h3c
password cipher $c$3$ZHwyfLAqYN93aNiWN5J8OHGVh3EAgA==
service-type ppp
service-type portal
#
ssl server-policy sslvpn
pki-domain ssl
#
cwmp
undo cwmp enable
#
l2tp-group 1
allow l2tp virtual-template 1
tunnel name LNS
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#               
interface Ethernet0/0
port link-mode route
pppoe-server bind Virtual-Template 2
#
interface Ethernet0/1
port link-mode route
firewall packet-filter 3003 inbound
nat outbound 3000 address-group 1

ip address
dar enable
qos car inbound carl 1 cir 1600 cbs 100000 ebs 0 green pass red discard
qos car outbound carl 10 cir 400 cbs 25000 ebs 0 green pass red discard
#
interface Ethernet0/2
port link-mode route
speed 100
#
interface Ethernet0/2.10
vlan-type dot1q vid 10
nat outbound 3100
ip address 192.169.10.1 255.255.255.0
#
interface Ethernet0/2.11
vlan-type dot1q vid 11
nat outbound 3100
ip address 192.169.11.1 255.255.255.0
#
interface Ethernet0/2.12
vlan-type dot1q vid 12
nat outbound 3100
ip address 192.169.12.1 255.255.255.0
#
interface Ethernet0/2.13
vlan-type dot1q vid 13
nat outbound 3100
ip address 192.169.13.1 255.255.255.0
#
interface Ethernet0/2.14
vlan-type dot1q vid 14
ip address 192.169.14.1 255.255.255.0
#
interface Ethernet0/2.15
vlan-type dot1q vid 15
nat outbound 3100
ip address 192.169.15.1 255.255.255.0
#
interface Ethernet0/2.20
vlan-type dot1q vid 20
nat outbound 3100
ip address 192.169.20.1 255.255.255.0
portal server portal method direct
#
interface Serial1/0
link-protocol ppp
#
interface Serial1/1
link-protocol ppp
#
interface Virtual-Template1
ppp authentication-mode chap domain system
remote address pool 2
ip address 192.169.99.1 255.255.255.0
#
interface Virtual-Template2
ppp authentication-mode chap domain pppoe
ppp account-statistics enable
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.21.132
remote address pool 3
ip address 192.169.101.1 255.255.255.0
#
interface Virtual-Template10
ppp authentication-mode chap domain pppoe-server-10
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 10
#
interface Virtual-Template11
ppp authentication-mode chap domain pppoe-server-11
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 11
#
interface Virtual-Template12
ppp authentication-mode chap domain pppoe-server-12
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 12
#               
interface Virtual-Template13
ppp authentication-mode chap domain pppoe-server-13
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 13
#
interface Virtual-Template14
ppp authentication-mode chap domain pppoe-server-14
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 14
#
interface Virtual-Template15
ppp authentication-mode chap domain pppoe-server-15
ppp ipcp remote-address forced
ppp ipcp dns 218.201.4.3 218.201.17.2
remote address pool 15
#
interface NULL0
#
interface Vlan-interface1
ip address 192.169.0.1 255.255.255.0
undo ip fast-forwarding
nat outbound 3100

firewall packet-filter 3002 inbound
firewall packet-filter 4000 inbound
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
dhcp-snooping
#
ssl-vpn server-policy sslvpn
ssl-vpn enable
#

#
info-center loghost 192.169.0.6 facility local6
#
dhcp server forbidden-ip 192.169.10.1 192.169.10.10
dhcp server forbidden-ip 192.169.11.1 192.169.11.10
dhcp server forbidden-ip 192.169.12.1 192.169.12.10
dhcp server forbidden-ip 192.169.13.1 192.169.13.10
dhcp server forbidden-ip 192.169.14.1 192.169.14.10
dhcp server forbidden-ip 192.169.15.1 192.169.15.10
dhcp server forbidden-ip 192.169.0.1 192.169.0.30
dhcp server detect
#
dhcp enable
#
ntp-service unicast-server 202.112.10.60
#
ssh server enable
ssh user admin service-type stelnet authentication-type password
#
arp timer aging 10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return


2015/8/12 13:16:01

