OpenPortalServer开源Portal协议WEB认证服务器 简介

OpenPortalServer开源Portal协议WEB认证服务器

作者：LeeSon  

QQ:25901875

E-Mail:   [url=mailtoeeSon@vip.qq.com]LeeSon@vip.qq.com[/url]  

OpenPortal官方交流群 119688084

    该软件是基于华为AC/BASPORTAL协议的服务端程序，Java编写。

支持Huawei H3C Portal V1 V2协议PAP CHAP认证方式的Portal服务器

-------------------------------------------------------------------------------------------

新手安装配置说明：

-------------------------------------------------------------------------------------------

windows环境下：

1.首先保证已有JDK1.7环境，MySQL环境 ,tomcat7

2.解压路径无中文及空格

3.配置文件说明  \webapps\ROOT\WEB-INF\classes\jdbc.properties

    首先修改该数据库配置文件

         创建openportalserver数据库 UTF-8字符集

         导入数据库文件OpenPortalServer.sql

         后台账号：admin  密码:admin

4.配置AC设备 安装和配置Radius服务

  如果使用AC模拟器进行模拟测试则可忽略这步

  如果使用页面展示、本地接入用户认证方式   不用配置radius

5.运行 bin/startup.bat 快捷方式  

6.浏览器http://服务器IP

7.如果使用AC模拟器测试用户名密码随意  如果真实环境（不用我废话了）

-------------------------------------------------------------------------------------------

Linux环境:  安装jdk1.7  mysql  tomcat7   将解压目录下的webapps目录替换  

Portal认证服务核心引擎接口路径为   根目录的 html文件

    采用GET提交，Json信息返回！

-------------------------------------------------------------------------------------------

对接配置说明：

超时设置      3-5秒

日志记录      是否输出详细日志到文件

验证码设置    是否开启用户登陆的验证码

用户心跳      是否进行用户离线检测

超时重复次数  一次检查周期内  用户在线检测超时几次算已经下线

计费检测周期  间隔多长时间检测一次用户是否在线，余额是否够

认证方式      页面展示,本地接入用户,外接radius

自助注册开关  是否允许自助注册接入用户，默认每个新用户给10分钟的时长

设备账号      对应设备的local-user用户账号密码，在本地接入用户和页面展示   认证方式时必须配置，而且设备用默认domain

设备密码      对应设备的local-user用户账号密码，在本地接入用户和页面展示   认证方式时必须配置，而且设备用默认domain

-------------------------------------------------------------------------------------------

本地用户认证模式则    下面交换机不用设置[SWITCH]domain leeson.org   设备账号密码就是交换机的账号密码

-------------------------------------------------------------------------------------------

以华为S5700交换机为例，配置信息详细说明：

交换机配置如下配置步骤

步骤 1  

创建 VLAN 并配置接口允许通过的 VLAN，保证网络通畅。

# 创建 VLAN10 和 VLAN20。

[SWITCH] vlan batch 10 20

# 配置交换机连接上行网络的接口 E0/0/1为 Access 类型接口，并将 GE0/0/1 加入

VLAN20。

[SWITCH] interface Ethernet0/0/1

[SWITCH-Ethernet0/0/2] port link-typeaccess

[SWITCH-Ethernet0/0/2] port default vlan 20

[SWITCH-Ethernet0/0/2] quit

# 配置交换机连接 RADIUS 和portalServer 的接口 E0/0/2 为Access 类型接口，并

将 GE0/0/2 加入 VLAN20。

[SWITCH] interface Ethernet0/0/2

[SWITCH-Ethernet0/0/2] port link-typeaccess

[SWITCH-Ethernet0/0/2] port default vlan 20

[SWITCH-Ethernet0/0/2] quit

# 创建 VLANIF10 和 VLANIF20，并配置VLANIF 的 IP 地址，以使用户终端、Switch、

企业内网资源之间能够建立起路由。此处假设 VLANIF10 的 IP 地址为192.168.10.20/24；

VLANIF20 的 IP 地址为192.168.20.29/24。

[SWITCH] interface vlanif 10

[SWITCH-Vlanif10] ip address 192.168.10.2024    //10.1

[SWITCH] interface vlanif 20

[SWITCH-Vlanif20] ip address 192.168.0.124    //0.1

[SWITCH-Vlanif20] quit

步骤 2  

创建并配置 RADIUS 服务器模板、AAA 方案以及认证域。

# 创建并配置 RADIUS 服务器模板“rd1”。

[SWITCH] radius-server template rd1

[SWITCH-radius-rd1] radius-serverauthentication 192.168.0.2 1812

[SWITCH-radius-rd1] radius-serveraccounting 192.168.0.2 1813

[SWITCH-radius-rd1] radius-servershared-key simple leeson

[SWITCH-radius-rd1] radius-serverretransmit 2

[SWITCH-radius-rd1] quit

# 创建 AAA 方案“abc”并配置认证方式为RADIUS。

[SWITCH] aaa

[SWITCH-aaa] authentication-scheme abc

[SWITCH-aaa-authen-abc] authentication-moderadius

[SWITCH-aaa-authen-abc] quit

[SWITCH-aaa] accounting-scheme acc

[SWITCH-aaa-acc-abc] accounting-mode radius

[SWITCH-aaa-acc-abc] quit

# 创建认证域“leeson.org”，并在其上绑定AAA 方案“abc”与RADIUS 服务器模板“rd1”。

[SWITCH-aaa] domain leeson.org

[SWITCH-aaa-domain-isp1]authentication-scheme abc

[SWITCH-aaa-domain-isp1] accounting-schemeacc

[SWITCH-aaa-domain-isp1] radius-server rd1

[SWITCH-aaa-domain-isp1] quit

[SWITCH-aaa] quit

# 配置全局默认域为“leeson.org”。用户进行接入认证时，以格式“user@xxx.xxx”输

入用户名即可在xxx.xxx 域下进行 aaa 认证。如果用户名中不携带域名或携带的域名

不存在，用户将会在默认域中进行认证。

[SWITCH] domain leeson.org

步骤 3  

配置外部 Portal 认证

# 创建并配置名称为“abc”的 Portal 服务器模板。

[SWITCH] web-auth-server abc

[SWITCH -web-auth-server-abc] server-ip192.168.0.2

[SWITCH -web-auth-server-abc] port 50100

[SWITCH -web-auth-server-abc] shared-keysimple leeson

[SWITCH -web-auth-server-abc] urlhttp://192.168.0.2

[SWITCH -web-auth-server-abc] quit

# 使能 Portal 认证功能。

[SWITCH] interface vlanif 10

[SWITCH -Vlanif10] web-auth-server abcdirect

[SWITCH -Vlanif10] quit

步骤 4  

查看配置的 Portal 服务器的参数信息。

# 执行命令 displayweb-auth-server configuration 查看 Portal 服务器相关的

配置信息。

<SWITCH>display web-auth-serverconfiguration

  Listening port        : 2000   

Portal                : version 1, version 2  

Include reply message : enabled  

-----------------------------------------------------------------------

-  Web-auth-server Name : abc   

IP-address           : 192.168.20.30   

Shared-key           :%$%$]$c{$)Bp!XFdN>G2DBG(T#wn%$%$   

Port / PortFlag      : 50100 / NO   

URL                  : http://192.168.0.2  

Bounded Vlanif       : 10  

-----------------------------------------------------------------------

-   1Web authentication server(s) in total

步骤 5  

在交换机上添加默认路由：ip route-static 0.0.0.0 0.0.0.0 192.168.0.1

其中 192.168.0.1为交换机上行端口的网关地址

步骤 6  

配置 portal 白名单

portal free-rule 0 destination ip192.168.0.1 mask 255.255.255.255

portal free-rule 1 destination ip192.168.0.2 mask 255.255.255.255

portal free-rule 2 destination ipxxx.xxx.xxx.xxx mask 255.255.255.255

其中的 xxx.xxx.xxx.xxx 为用户认证之后上网所需的 DNS 地址，实际以真实网络环境中的 DNS为准

//排除网关 PORTAL服务器 Radius服务器 DNS

可选配置：

接口视图下（vlan-if，ge）：dhcp select relay

# 使能接口VLANIF100的DHCP Relay功能。

[HUAWEI] dhcp enable

[HUAWEI] interface vlanif 100

[HUAWEI-Vlanif100] dhcp select relay

#Portal用户下线探测

portal timer offline-detect命令用来配置Portal认证用户下线探测周期。

undo portal timer offline-detect命令用来恢复下线探测周期的缺省值。

缺省情况下，下线探测周期为300秒。

注意：portal timer offline-detect命令功能仅适用于二层Portal认证方式。

-------------------------------------------------------------------------------------------------------

OpenPortalServer对接 华为S5700配置

[Quidway]dis cur

#

!Software Version V200R001C00SPC300

sysname Quidway

#

vlan batch 10 100

#

web-auth-server version v2

portal free-rule 2 source ip 10.0.0.100mask 255.255.255.255

portal free-rule 3 destination ip10.0.0.100 mask 255.255.255.255

portal free-rule 4 destination ip 10.0.0.1mask 255.255.255.255

portal free-rule 5 source ip 10.0.0.1 mask255.255.255.255

portal free-rule 6 source ip 192.168.100.1mask 255.255.255.255

portal free-rule 7 destination ip192.168.100.1 mask 255.255.255.255

#

domain leeson.com

#

http server loads5700si-v200r001c00.001.web.zip

#

undo nap slave enable

#

dhcp enable

#

radius-server template leeson

radius-server shared-key simple leeson

radius-server authentication 10.0.0.100 1812

radius-server accounting 10.0.0.100 1813

radius-server retransmit 2

#

web-auth-server leeson

server-ip 10.0.0.100

port50100

shared-key simple leeson

urlhttp://10.0.0.100/OpenPortalServer

source-ip 10.0.0.1

#

aaa

authentication-scheme default

authentication-scheme leeson

authentication-mode radius

authorization-scheme default

accounting-scheme default

accounting-scheme leeson

accounting-mode radius

domain default

domain default_admin

domain leeson.com

authentication-scheme leeson

accounting-scheme leeson

radius-server  leeson                  

local-user admin password cipher%$%$03~N$}rD0X}s=D%#SD-/ybYP%$%$

local-user admin privilege level 15

local-user admin service-type http

local-user leeson password cipher%$%$3.-^M/J1RB:MO{"\t&bDye\S%$%$

local-user leeson privilege level 15

#

interface Vlanif1

#

interface Vlanif10

ipaddress 10.0.0.1 255.255.255.0

web-auth-serverleeson direct

#

interface Vlanif100

ipaddress 192.168.100.1 255.255.255.0

web-auth-server leeson direct

dhcpselect interface

-------------------------------------------------------------------------------------------

H3C-MSR830-10对接OpenPortal配置

portal server cbqt_wifi_pts ip192.168.1.250 key cipher $c$3$WcdcTvygU/tgJgwXYIR72l92h8HoFlyWoCFi8RS2Cj1goAg=url http://192.168.1.250:8081/portal server-type imc

portal free-rule 0 source ip anydestination ip 114.114.114.114 mask 255.255.255.255

portal free-rule 1 source ip anydestination ip 192.168.1.254 mask 255.255.255.255

portal free-rule 2 source ip anydestination ip 192.168.70.254 mask 255.255.255.255

portal free-rule 3 source ip anydestination ip 192.168.1.250 mask 255.255.255.255

portal server cbqt_wifi_pts server-detectmethod http action permit-all interval 600 retry 5

interface Vlan-interface70

ipaddress 192.168.70.254 255.255.255.0

dhcpselect relay

dhcprelay server-select 1

portal server cbqt_wifi_pts method direct

ippolicy-based-route WAN-TAIQIU

radius scheme cbqt_wifi_rs

server-type extended

primary authentication 192.168.1.250

primary accounting 192.168.1.250

keyauthentication cipher $c$3$Jb32HhDG0KQEFUJK/ie49Sc5ARR1gBavK0rY+MOwlhSU=

keyaccounting cipher $c$3$nG1DwgslbalnXYZul3aAOdVU8ro2+/cWK4Oi6adZw/Rv5ZM=

user-name-format without-domain

#

domain cbqt_wifi_dm

authentication portal radius-schemecbqt_wifi_rs

authorization portal radius-schemecbqt_wifi_rs

accounting portal radius-scheme cbqt_wifi_rs

access-limitdisable

state active

idle-cut disable

self-service-url disable

H3C-MSR对接配置

[BEGIN] 2015/8/12 13:13:39

<H3C-MSR>dis         

<H3C-MSR>display cu      

<H3C-MSR>displaycurrent-configuration

#

version 5.20, Release 2311

#

sysname H3C-MSR

#

ftpserver enable

#

l2tpenable

#

firewall enable

#

nataddress-group 1

nataging-time udp 180

#

domain default enable system

#

darp2p signature-file flash:/p2p_default.mtd

#

lldpenable

#

qoscarl 1 destination-ip-address range 192.169.0.31 to 192.169.0.254 per-addressshare

d-bandwidth

qoscarl 10 source-ip-address range 192.169.0.31 to 192.169.0.254 per-addressshared-ba

ndwidth

#

portal server portal ip 192.169.0.20 keycipher $c$3$tmKimwpWYurgJSFeXElUKoFApV9rMZ6xfw

== url http://192.169.0.20:8080

portal free-rule 0 source ip any destinationip 218.201.4.3 mask 255.255.255.255

portal free-rule 1 source ip any destinationip 192.169.0.20 mask 255.255.255.255

portal server portal server-detect method httpaction permit-all interval 60 retry 5

#

iphttp port 9000

#

blacklist enable

#

acl number 3000

rule0 permit ip source 192.169.0.0 0.0.15.255

rule1 permit ip source 192.169.101.0 0.0.0.255

rule100 deny ip

acl number 3002 name LAN-Defend

rule0 deny tcp destination-port eq 135

rule1 deny udp destination-port eq 135

rule2 deny tcp destination-port eq 139

rule3 deny udp destination-port eq netbios-dgm

rule4 deny udp destination-port eq netbios-ns

rule5 deny udp destination-port eq netbios-ssn

rule6 deny tcp destination-port eq 137

rule7 deny tcp destination-port eq 138

rule8 deny udp destination-port eq 136

rule200 permit icmp

rule300 permit ip source 192.169.0.0 0.0.15.255

rule301 permit ip source 192.169.101.0 0.0.0.255

rule302 permit ip source 192.169.99.0 0.0.0.7

rule303 permit udp destination-port eq bootps

rule400 deny ip

acl number 3003 name WAN-Defend

rule0 deny tcp destination-port eq 135

rule1 deny udp destination-port eq 135

rule2 deny udp destination-port eq netbios-dgm

rule3 deny udp destination-port eq netbios-ns

rule4 deny udp destination-port eq netbios-ssn

rule5 deny tcp destination-port eq 139

rule6 deny tcp destination-port eq 137

rule7 deny tcp destination-port eq 138

rule8 deny udp destination-port eq 136

rule300 permit udp source-port eq dns

rule400 permit ip destination 192.169.0.0 0.0.15.255

rule401 permit ip destination 192.169.101.0 0.0.0.255

rule402 permit ip destination 192.169.99.0 0.0.0.7

rule403 permit tcp destination-port eq 22

rule404 permit tcp destination-port eq www

rule405 permit tcp destination-port eq 443

rule406 permit udp destination-port eq 1701

rule407 deny ip

acl number 3100

description inside access domain-server

rule10 deny ip source 192.169.10.0 0.0.0.255

rule11 deny ip source 192.169.11.0 0.0.0.255

rule12 deny ip source 192.169.12.0 0.0.0.255

rule13 deny ip source 192.169.13.0 0.0.0.255

rule14 deny ip source 192.169.14.0 0.0.0.255

rule15 deny ip source 192.169.15.0 0.0.0.255

rule100 permit ip source 192.169.0.0 0.0.15.255 destination 192.169.0.20 0

rule1000 deny ip

#

#

vlan 1

#

radius scheme radius

primary authentication 192.169.0.20 1645 keycipher $c$3$pBtH9ea/vw5AfpLwHPg20KlJE1fGRK

NHJw==

primary accounting 192.169.0.20 1646 keycipher $c$3$iZTSbzm+q0xelQbsrxER90iYAQKV6aORPA

==

timer realtime-accounting 3

#

domain portal

authentication portal radius-scheme radiuslocal

authorization portal radius-scheme radiuslocal

accounting portal radius-scheme radius local

access-limit disable

state active

idle-cut disable

self-service-url disable

domain pppoe

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 3 192.169.101.2 192.169.101.254

domain pppoe-server-10

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 10 192.169.10.2 192.169.10.254

domain pppoe-server-11

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accountingppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 11 192.169.11.2 192.169.11.254

domain pppoe-server-12

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 12 192.169.12.2 192.169.12.254

domain pppoe-server-13

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 13 192.169.13.2 192.169.13.254

domain pppoe-server-14

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 14 192.169.14.2 192.169.14.254

domain pppoe-server-15

accounting lan-access radius-scheme radius

authentication ppp radius-scheme radius local

authorization ppp radius-scheme radius local

accounting ppp radius-scheme radius

access-limit disable

state active

idle-cut enable 10 10240

self-service-url disable

ippool 15 192.169.15.2 192.169.15.254

domain system   

authentication ppp local

access-limit disable

state active

idle-cut disable

self-service-url disable

ippool 2 192.169.99.2 192.169.99.10

#

pki entity ssl

common-name ssl

organization-unit xxzx

organization gxgs

locality chongqing

state chongqing

country cn

#

pki domain ssl

  caidentifier ssl

certificate request from ra

certificate request entity ssl

  crlcheck disable

#

dhcp server ip-pool 1

network 192.169.0.0 mask 255.255.255.0

gateway-list 192.169.0.1

dns-list 218.201.4.3 218.201.17.2

expired day 5

#

dhcp server ip-pool vlan-10

network 192.169.10.0 mask 255.255.255.0

gateway-list 192.169.10.1

dns-list 218.201.4.3 218.201.21.132

#

dhcp server ip-pool vlan-11

network 192.169.11.0 mask 255.255.255.0

gateway-list 192.169.11.1

dns-list 218.201.4.3 218.201.21.132

#

dhcp server ip-pool vlan-12

network 192.169.12.0 mask 255.255.255.0

gateway-list 192.169.12.1

dns-list 218.201.4.3 218.201.21.132

#

dhcp server ip-pool vlan-13

network 192.169.13.0 mask 255.255.255.0

gateway-list 192.169.13.1

dns-list 218.201.4.3 218.201.21.132

#

dhcp server ip-pool vlan-14

network 192.169.14.0 mask 255.255.255.0

gateway-list 192.169.14.1

dns-list 218.201.4.3 218.201.21.132

#

dhcp server ip-pool vlan-15

network 192.169.15.0 mask 255.255.255.0

gateway-list 192.169.15.1

dns-list 218.201.4.3 218.201.21.132

#

user-group system

group-attribute allow-guest

#

local-user admin

password cipher$c$3$OPmwVHESNbfHNXczEeMcdq2DmRDCR7kmS/E=

authorization-attribute level 3

service-type ssh terminal

service-type ftp

service-type web

local-user dot1x

password cipher$c$3$nWqagHMVZB63q5qHyLqXBdUlHB39vQ2RPnE=

service-type lan-access

local-user h3c

password cipher$c$3$ZHwyfLAqYN93aNiWN5J8OHGVh3EAgA==

service-type ppp

service-type portal

#

ssl server-policy sslvpn

pki-domain ssl

#

cwmp

undocwmp enable

#

l2tp-group 1

allow l2tp virtual-template 1

tunnel name LNS

#

interface Aux0

async mode flow

link-protocol ppp

#

interface Cellular0/0

async mode protocol

link-protocol ppp

#               

interface Ethernet0/0

portlink-mode route

pppoe-server bind Virtual-Template 2

#

interface Ethernet0/1

portlink-mode route

firewall packet-filter 3003 inbound

natoutbound 3000 address-group 1

ipaddress

darenable

qoscar inbound carl 1 cir 1600 cbs 100000 ebs 0 green pass red discard

qoscar outbound carl 10 cir 400 cbs 25000 ebs 0 green pass red discard

#

interface Ethernet0/2

portlink-mode route

speed 100

#

interface Ethernet0/2.10

vlan-type dot1q vid 10

natoutbound 3100

ipaddress 192.169.10.1 255.255.255.0

#

interface Ethernet0/2.11

vlan-type dot1q vid 11

natoutbound 3100

ipaddress 192.169.11.1 255.255.255.0

#

interface Ethernet0/2.12

vlan-type dot1q vid 12

natoutbound 3100

ipaddress 192.169.12.1 255.255.255.0

#

interface Ethernet0/2.13

vlan-type dot1q vid 13

natoutbound 3100

ipaddress 192.169.13.1 255.255.255.0

#

interface Ethernet0/2.14

vlan-type dot1q vid 14

ipaddress 192.169.14.1 255.255.255.0

#

interface Ethernet0/2.15

vlan-type dot1q vid 15

natoutbound 3100

ipaddress 192.169.15.1 255.255.255.0

#

interface Ethernet0/2.20

vlan-type dot1q vid 20

natoutbound 3100

ipaddress 192.169.20.1 255.255.255.0

portal server portal method direct

#

interface Serial1/0

link-protocol ppp

#

interface Serial1/1

link-protocol ppp

#

interface Virtual-Template1

pppauthentication-mode chap domain system

remote address pool 2

ipaddress 192.169.99.1 255.255.255.0

#

interface Virtual-Template2

pppauthentication-mode chap domain pppoe

pppaccount-statistics enable

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.21.132

remote address pool 3

ipaddress 192.169.101.1 255.255.255.0

#

interface Virtual-Template10

pppauthentication-mode chap domain pppoe-server-10

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 10

#

interface Virtual-Template11

pppauthentication-mode chap domain pppoe-server-11

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 11

#

interface Virtual-Template12

pppauthentication-mode chap domain pppoe-server-12

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 12

#               

interface Virtual-Template13

pppauthentication-mode chap domain pppoe-server-13

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 13

#

interface Virtual-Template14

pppauthentication-mode chap domain pppoe-server-14

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 14

#

interface Virtual-Template15

pppauthentication-mode chap domain pppoe-server-15

pppipcp remote-address forced

pppipcp dns 218.201.4.3 218.201.17.2

remote address pool 15

#

interface NULL0

#

interface Vlan-interface1

ipaddress 192.169.0.1 255.255.255.0

undoip fast-forwarding

natoutbound 3100

firewall packet-filter 3002 inbound

firewall packet-filter 4000 inbound

#

interface Ethernet0/3

portlink-mode bridge

#

interface Ethernet0/4

portlink-mode bridge

#

dhcp-snooping

#

ssl-vpn server-policy sslvpn

ssl-vpn enable

#

#

info-center loghost 192.169.0.6 facilitylocal6

#

dhcpserver forbidden-ip 192.169.10.1 192.169.10.10

dhcpserver forbidden-ip 192.169.11.1 192.169.11.10

dhcpserver forbidden-ip 192.169.12.1 192.169.12.10

dhcpserver forbidden-ip 192.169.13.1 192.169.13.10

dhcpserver forbidden-ip 192.169.14.1 192.169.14.10

dhcpserver forbidden-ip 192.169.15.1 192.169.15.10

dhcpserver forbidden-ip 192.169.0.1 192.169.0.30

dhcpserver detect

#

dhcpenable

#

ntp-service unicast-server 202.112.10.60

#

sshserver enable

sshuser admin service-type stelnet authentication-type password

#

arptimer aging 10

#

loadxml-configuration

#

loadtr069-configuration

#

user-interface tty 12

user-interface aux 0

authentication-mode scheme

user-interface vty 0 4

authentication-mode scheme

#

return

[END] 2015/8/12 13:16:01