开启辅助访问 设为首页     收藏本站     HTTPS安全访问
 找回密码
 立即注册

华为外部Portal认证 Radius认证计费 实现基于Mac快速认证的Mac无感知认证和结合CAS...

admin 回复:0 | 查看:8619 | 发表于 2021-10-12 08:46:12 |阅读模式 |复制链接
华为外部Portal认证 Radius认证计费
实现基于Mac快速认证的Mac无感知认证
结合CAS单点登录统一认证平台
AD域LDAP对接配置
实现用户名密码实名认证 访客短信认证 二维码扫码 钉钉授权认证 来宾身份证刷卡快速开户

双因子 多因子 融合认证
介绍:          
    OpenPortal网络准入认证计费系统,支持与华为所有支持Portal认证的AC控制器如AC6005 AC6605等,以及所有支持Portal认证的三层交换机如S5700 S7606 7706 7703等,以及所有支持Portal认证的接入路由如华为AR-6280等,以及多业务网关BRAS如me60  ma5200等设备进行对接。

    OpenPortal包含Portal协议认证系统+Radius AAA认证计费授权系统,支持CMCC V1 V2协议标准,华为Portal协议V1 V2等,支持Radius协议RFC2865,RFC2866标准,支持CMCC标准mac-trigger协议和mac auth标准的MAC优先的MAC快速认证、无感知认证,支持限速策略下发、ACL下发、ip-pool下发等一系列接入策略配置。

    支持用户名密码认证、短信认证、钉钉授权认证、微信认证、公众号认证、答题认证、视频倒计时认证、人脸识别认证、访客二维码授权认证、LDAP AD域结合认证、第三方OA系统扩展认证等等各种认证模式,支持二次代拨认证等技术,支持用户自助注册,自行选择计费套餐进行支付宝、微信自助缴费等。

详细情况可以加入QQ群:119688084 ,或咨询QQ/WX:25901875

http://www.openportalserver.com

http://www.openportal.com.cn

需求:        

    整套华为AC6605或者AC6005+AP的网络环境基础上,实现支持MAC快速认证优先的Portal认证网络接入模式。

具体拓扑如下:


00.png

设备配置:

authentication-profile name iLab
mac-access-profile iLab
portal-access-profile iLab
free-rule-template portal
access-domain ilab
permit-domain name ilab

#
radius-server template portal
radius-server shared-key cipher portal
radius-server authentication 10.240.63.200 1812 weight 80
radius-server accounting 10.240.63.200 1813 weight 80
undo radius-server user-name domain-included
radius-attribute nas-ip 172.16.0.52
radius-server authorization 10.240.63.200 shared-key cipher portal


#                                         
free-rule-template name portal
free-rule 0 destination ip any source ip 10.240.63.200 mask 255.255.255.255
free-rule 1 destination ip 10.240.63.200 mask 255.255.255.255 source ip any
free-rule 2 destination ip any source ip 10.210.255.1 mask 255.255.255.255
free-rule 3 destination ip 10.210.255.1 mask 255.255.255.255 source ip any
free-rule 4 destination ip any source ip 10.200.255.1 mask 255.255.255.255
free-rule 5 destination ip 10.200.255.1 mask 255.255.255.255 source ip any
free-rule 6 destination ip any source ip 172.16.1.0 mask 255.255.255.0
free-rule 7 destination ip 172.16.1.0 mask 255.255.255.0 source ip any
free-rule 8 destination ip any source ip 172.16.0.51 mask 255.255.255.255
free-rule 9 destination ip 172.16.0.51 mask 255.255.255.255 source ip any
free-rule 10 destination ip any source ip 172.16.0.254 mask 255.255.255.255
free-rule 11 destination ip 172.16.0.254 mask 255.255.255.255 source ip any
free-rule 12 destination ip any source ip 172.16.0.52 mask 255.255.255.255
free-rule 13 destination ip 172.16.0.52 mask 255.255.255.255 source ip any
free-rule 30 destination ip any source ip 202.115.112.11 mask 255.255.255.255
free-rule 31 destination ip 202.115.112.11 mask 255.255.255.255 source ip any
free-rule 32 destination ip any source ip 10.9.249.25 mask 255.255.255.255
free-rule 33 destination ip 10.9.249.25 mask 255.255.255.255 source ip any
free-rule 40 destination ip any source ip 10.240.101.1 mask 255.255.255.255
free-rule 41 destination ip 10.240.101.1 mask 255.255.255.255 source ip any
free-rule 42 destination ip any source ip 10.240.102.1 mask 255.255.255.255
free-rule 43 destination ip 10.240.102.1 mask 255.255.255.255 source ip any
free-rule 44 destination ip any source ip 10.240.103.1 mask 255.255.255.255
free-rule 45 destination ip 10.240.103.1 mask 255.255.255.255 source ip any
free-rule 46 destination ip any source ip 10.240.104.1 mask 255.255.255.255
free-rule 47 destination ip 10.240.104.1 mask 255.255.255.255 source ip any
free-rule 48 destination ip any source ip 10.240.105.1 mask 255.255.255.255
free-rule 49 destination ip 10.240.105.1 mask 255.255.255.255 source ip any
free-rule 50 destination ip any source ip 10.240.106.1 mask 255.255.255.255
free-rule 51 destination ip 10.240.106.1 mask 255.255.255.255 source ip any
free-rule 52 destination ip any source ip 10.240.107.1 mask 255.255.255.255
free-rule 53 destination ip 10.240.107.1 mask 255.255.255.255 source ip any
free-rule 54 destination ip any source ip 10.240.108.1 mask 255.255.255.255
free-rule 55 destination ip 10.240.108.1 mask 255.255.255.255 source ip any
free-rule 56 destination ip any source ip 10.240.109.1 mask 255.255.255.255
free-rule 57 destination ip 10.240.109.1 mask 255.255.255.255 source ip any
free-rule 58 destination ip any source ip 10.240.110.1 mask 255.255.255.255
free-rule 59 destination ip 10.240.110.1 mask 255.255.255.255 source ip any
free-rule 60 destination ip any source ip 10.240.111.1 mask 255.255.255.255
free-rule 61 destination ip 10.240.111.1 mask 255.255.255.255 source ip any
free-rule 62 destination ip any source ip 10.240.112.1 mask 255.255.255.255
free-rule 63 destination ip 10.240.112.1 mask 255.255.255.255 source ip any
free-rule 64 destination ip any source ip 10.240.113.1 mask 255.255.255.255
free-rule 65 destination ip 10.240.113.1 mask 255.255.255.255 source ip any
free-rule 66 destination ip any source ip 10.240.114.1 mask 255.255.255.255
free-rule 67 destination ip 10.240.114.1 mask 255.255.255.255 source ip any
free-rule 68 destination ip any source ip 10.240.115.1 mask 255.255.255.255
free-rule 69 destination ip 10.240.115.1 mask 255.255.255.255 source ip any
free-rule 70 destination ip any source ip 10.240.116.1 mask 255.255.255.255
free-rule 71 destination ip 10.240.116.1 mask 255.255.255.255 source ip any
free-rule 72 destination ip any source ip 10.240.117.1 mask 255.255.255.255
free-rule 73 destination ip 10.240.117.1 mask 255.255.255.255 source ip any
free-rule 74 destination ip any source ip 10.240.118.1 mask 255.255.255.255
free-rule 75 destination ip 10.240.118.1 mask 255.255.255.255 source ip any
free-rule 76 destination ip any source ip 10.240.119.1 mask 255.255.255.255
free-rule 77 destination ip 10.240.119.1 mask 255.255.255.255 source ip any
free-rule 78 destination ip any source ip 10.240.120.1 mask 255.255.255.255
free-rule 79 destination ip 10.240.120.1 mask 255.255.255.255 source ip any
free-rule 80 destination ip any source ip 10.240.121.1 mask 255.255.255.255
free-rule 81 destination ip 10.240.121.1 mask 255.255.255.255 source ip any
free-rule 82 destination ip any source ip 10.240.122.1 mask 255.255.255.255
free-rule 83 destination ip 10.240.122.1 mask 255.255.255.255 source ip any
free-rule 84 destination ip any source ip 10.240.123.1 mask 255.255.255.255
free-rule 85 destination ip 10.240.123.1 mask 255.255.255.255 source ip any
free-rule 86 destination ip any source ip 10.240.124.1 mask 255.255.255.255
free-rule 87 destination ip 10.240.124.1 mask 255.255.255.255 source ip any
free-rule 88 destination ip any source ip 10.240.125.1 mask 255.255.255.255
free-rule 89 destination ip 10.240.125.1 mask 255.255.255.255 source ip any
#
url-template name portal
url http://10.240.63.200                 
url-parameter user-mac mac user-ipaddress wlanuserip ap-mac apmac ap-ip apip device-ip basip ssid ssid sysname nasname
url-parameter mac-address format delimiter : normal
url-parameter set device-ip 172.16.0.52
url-parameter set sysname ac6605backup
#
web-auth-server portal
server-ip 10.240.63.200
port 50100
shared-key cipher portal
url http://10.240.63.200
url-template portal
source-ip 172.16.0.52
#
portal-access-profile name iLab
web-auth-server portal direct
#

#
aaa
authentication-scheme iLab
  authentication-mode radius
accounting-scheme iLab
  accounting-mode radius
  accounting realtime 3
domain ilab
  authentication-scheme iLab
  accounting-scheme iLab
  radius-server portal
#


#
mac-access-profile name iLab

OpenPortal对接截图:








回复

使用道具 举报

登录 发布 快速回复 返回顶部 返回列表