H3C-WX2510H对接OpenPortal网络准入认证计费系统实现Mac快速认证+Portal认证

admin · 发表于 2021-10-12 08:50:00

介绍：

      OpenPortal网络准入认证计费系统包含Portal协议认证系统+Radius AAA认证计费授权系统，支持CMCC V1 V2协议标准，华为Portal协议V1 V2等，支持Radius协议RFC2865，RFC2866标准，支持CMCC标准mac-trigger协议和mac auth标准的MAC优先的MAC快速认证、无感知认证，支持限速策略下发、ACL下发、ip-pool下发等一系列接入策略配置。

      支持用户名密码认证、短信认证、钉钉授权认证、微信认证、公众号认证、答题认证、视频倒计时认证、人脸识别认证、访客二维码授权认证、LDAP AD域结合认证、第三方OA系统扩展认证等等各种认证模式，支持二次代拨认证等技术，支持用户自助注册，自行选择计费套餐进行支付宝、微信自助缴费等。

详细情况可以加入QQ群：119688084 ，或咨询QQ/WX:25901875

需求：

      传统各种品牌杂牌有线+无线网络拓扑条件下，最小成本进行网络改造调整，实现支持MAC快速认证优先的Portal认证网络接入模式。

      引入很香的H3C-WX2510H控制器作为多业务接入网关，具体型号可以根据自己的用户量来选型。

      H3C-WX2510H可作为PPPoe拨号、专线连接的出口网关，并且该设备支持L2TP组建VPN网络（云认证计费服务部署模式下），该设备支持mac-trigger协议的MAC快速无感知认证+Portal协议。

具体拓扑如下：

设备配置：

[H3C-WX2510H]dis cur

#

version 7.1.064, Release 5226

#

sysname H3C-WX2510H

#

telnet server enable

#

dhcp enable

#

password-recovery enable

#

vlan 1

#

vlan 100

#

vlan 200

#

vlan 300

#

dhcp server ip-pool lan

gateway-list 192.168.10.1

network 192.168.10.0 mask 255.255.255.0

dns-list 114.114.114.114 8.8.8.8

forbidden-ip 192.168.10.1

forbidden-ip 192.168.10.10

#

dhcp server ip-pool wlan

gateway-list 172.16.0.1

network 172.16.0.0 mask 255.255.255.0

dns-list 114.114.114.114 8.8.8.8

forbidden-ip 172.16.0.1

forbidden-ip 172.16.0.10

#

interface NULL0

#

interface Vlan-interface100

ip address dhcp-alloc

nat outbound

undo dhcp select server

#

interface Vlan-interface200

ip address 172.16.0.1 255.255.255.0

dhcp server apply ip-pool wlan

portal enable method direct

portal domain portal

portal bas-ip 192.168.10.1

portal apply web-server portal

portal apply mac-trigger-server portal

portal outbound-filter enable

#

interface Vlan-interface300

ip address 192.168.10.1 255.255.255.0

dhcp server apply ip-pool lan

#

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 300

#

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 300

#

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 300

#

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 200

poe enable

#

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 100

#

scheduler logfile size 16

#

line class console

user-role network-admin

#

line class vty

user-role network-operator

#

line con 0

user-role network-admin

#

line vty 0 31

authentication-mode scheme

user-role network-operator

#

undo info-center logfile enable

#

radius session-control enable

#

radius scheme portal

primary authentication 192.168.10.10

primary accounting 192.168.10.10

key authentication cipher $c$3$De1ugz33CW5QlT3ePSVbIEjq7HGVMOeFbw==

key accounting cipher $c$3$XK267tGaoBesgFjlS4j3jPV6gmAjMuW9/w==

timer realtime-accounting 5

user-name-format without-domain

nas-ip 192.168.10.1

#

radius dynamic-author server

client ip 192.168.10.10 key cipher $c$3$0n+PybswB5i2lFyTMcxl/0QI3DPep1p1Cg==

#

domain portal

authorization-attribute idle-cut 600 10240

authentication portal radius-scheme portal

authorization portal radius-scheme portal

accounting portal radius-scheme portal

#

domain system

#

domain default enable system

#

role name level-0

description Predefined level-0 role

#

role name level-1

description Predefined level-1 role

#

role name level-2

description Predefined level-2 role

#

role name level-3

description Predefined level-3 role

#

role name level-4

description Predefined level-4 role

#

role name level-5

description Predefined level-5 role

#

role name level-6

description Predefined level-6 role

#

role name level-7

description Predefined level-7 role

#

role name level-8

description Predefined level-8 role

#

role name level-9

description Predefined level-9 role

#

role name level-10

description Predefined level-10 role

#

role name level-11

description Predefined level-11 role

#

role name level-12

description Predefined level-12 role

#

role name level-13

description Predefined level-13 role

#

role name level-14

description Predefined level-14 role

#

user-group system

#

local-user admin class manage

password hash $h$6$nbriu0HPMsFsLmp2$bbsSbj0+ohrhZfas8qeXTSg9iZvVEuPHjQdUN896BzeKhbt4R3W0jejeQO8n+lvQowVbH2jLLS/TzDvHDrdpjA==

service-type telnet http https

authorization-attribute user-role network-admin

#

portal nas-port-id format 4

portal host-check enable

portal free-rule 0 source ip 192.168.10.10 255.255.255.255 destination ip any

portal free-rule 1 source ip any destination ip 192.168.10.10 255.255.255.255

portal free-rule 2 source ip 172.16.0.1 255.255.255.255 destination ip any

portal free-rule 3 source ip any destination ip 172.16.0.1 255.255.255.255

portal free-rule 4 source ip 172.16.0.10 255.255.255.255 destination ip any

portal free-rule 5 source ip any destination ip 172.16.0.10 255.255.255.255

portal free-rule 10 source ip 114.114.114.114 255.255.255.255 destination ip any

portal free-rule 11 source ip any destination ip 114.114.114.114 255.255.255.255

portal free-rule 12 source ip 8.8.8.8 255.255.255.255 destination ip any

portal free-rule 13 source ip any destination ip 8.8.8.8 255.255.255.255

#

portal web-server portal

url http://192.168.10.10

server-type cmcc

url-parameter basip value 192.168.10.1

url-parameter mac source-mac

url-parameter url original-url

url-parameter vlan vlan

url-parameter wlanuserip source-address

#

portal server portal

ip 192.168.10.10 key cipher $c$3$m3+fMyRYhKD8NHD6x+m4WIP1D4fQ7ZgSRw==

server-type cmcc

#

ip http enable

ip https enable

#

portal mac-trigger-server portal

ip 192.168.10.10 key cipher $c$3$5QU0xgzExFYbgdjriMIy7148QKSzsOacwQ==

server-type cmcc

binding-retry 1

aaa-fail nobinding enable

#

wlan global-configuration

#

wlan ap-group default-group

vlan 1

#

return

OpenPortal对接截图：

		自动登录	找回密码
密码			立即注册

H3C-WX2510H对接OpenPortal网络准入认证计费系统实现Mac快速认证+Portal认证

联系我们