开启辅助访问 设为首页     收藏本站     HTTPS安全访问
 找回密码
 立即注册

OpenPortalServer开源Portal协议WEB认证服务器 简介

admin 回复:0 | 查看:24315 | 发表于 2015-11-30 11:26:46 |阅读模式 |复制链接
OpenPortalServer开源Portal协议WEB认证服务器


logoS.png

s1.jpg s2.jpg
s3.jpg
logo.png

作者:LeeSon  
QQ:25901875
E-Mail:   [url=mailtoeeSon@vip.qq.com]LeeSon@vip.qq.com[/url]  
OpenPortal官方交流群 119688084

    该软件是基于华为AC/BASPORTAL协议的服务端程序,Java编写。

支持Huawei H3C Portal V1 V2协议PAP CHAP认证方式的Portal服务器


-------------------------------------------------------------------------------------------
新手安装配置说明:
-------------------------------------------------------------------------------------------
windows环境下:

1.首先保证已有JDK1.7环境,MySQL环境 ,tomcat7

2.解压路径无中文及空格

3.配置文件说明  \webapps\ROOT\WEB-INF\classes\jdbc.properties
    首先修改该数据库配置文件
         创建openportalserver数据库 UTF-8字符集
         导入数据库文件OpenPortalServer.sql
         后台账号:admin  密码:admin


4.配置AC设备 安装和配置Radius服务
  如果使用AC模拟器进行模拟测试则可忽略这步
  如果使用页面展示、本地接入用户认证方式   不用配置radius

5.运行 bin/startup.bat 快捷方式  


6.浏览器http://服务器IP

7.如果使用AC模拟器测试用户名密码随意  如果真实环境(不用我废话了)

-------------------------------------------------------------------------------------------

Linux环境:  安装jdk1.7  mysql  tomcat7   将解压目录下的webapps目录替换  

Portal认证服务核心引擎接口路径为   根目录的 html文件
    采用GET提交,Json信息返回!
-------------------------------------------------------------------------------------------

对接配置说明:

超时设置      3-5
日志记录      是否输出详细日志到文件
验证码设置    是否开启用户登陆的验证码
用户心跳      是否进行用户离线检测
超时重复次数  一次检查周期内  用户在线检测超时几次算已经下线
计费检测周期  间隔多长时间检测一次用户是否在线,余额是否够
认证方式      页面展示,本地接入用户,外接radius
自助注册开关  是否允许自助注册接入用户,默认每个新用户给10分钟的时长
设备账号      对应设备的local-user用户账号密码,在本地接入用户和页面展示   认证方式时必须配置,而且设备用默认domain
设备密码      对应设备的local-user用户账号密码,在本地接入用户和页面展示   认证方式时必须配置,而且设备用默认domain


-------------------------------------------------------------------------------------------

本地用户认证模式则    下面交换机不用设置[SWITCH]domain leeson.org   设备账号密码就是交换机的账号密码

-------------------------------------------------------------------------------------------
以华为S5700交换机为例,配置信息详细说明:

交换机配置如下配置步骤
步骤 1  
创建 VLAN 并配置接口允许通过的 VLAN,保证网络通畅。
# 创建 VLAN10 VLAN20
[SWITCH] vlan batch 10 20
# 配置交换机连接上行网络的接口 E0/0/1 Access 类型接口,并将 GE0/0/1 加入
VLAN20
[SWITCH] interface Ethernet0/0/1
[SWITCH-Ethernet0/0/2] port link-typeaccess
[SWITCH-Ethernet0/0/2] port default vlan 20
[SWITCH-Ethernet0/0/2] quit

# 配置交换机连接 RADIUS portalServer 的接口 E0/0/2 Access 类型接口,并
GE0/0/2 加入 VLAN20
[SWITCH] interface Ethernet0/0/2
[SWITCH-Ethernet0/0/2] port link-typeaccess
[SWITCH-Ethernet0/0/2] port default vlan 20
[SWITCH-Ethernet0/0/2] quit

# 创建 VLANIF10 VLANIF20,并配置VLANIF IP 地址,以使用户终端、Switch
企业内网资源之间能够建立起路由。此处假设 VLANIF10 IP 地址为192.168.10.20/24
VLANIF20 IP 地址为192.168.20.29/24
[SWITCH] interface vlanif 10
[SWITCH-Vlanif10] ip address 192.168.10.2024    //10.1

[SWITCH] interface vlanif 20
[SWITCH-Vlanif20] ip address 192.168.0.124    //0.1
[SWITCH-Vlanif20] quit
步骤 2  
创建并配置 RADIUS 服务器模板、AAA 方案以及认证域。
# 创建并配置 RADIUS 服务器模板“rd1”。
[SWITCH] radius-server template rd1
[SWITCH-radius-rd1] radius-serverauthentication 192.168.0.2 1812
[SWITCH-radius-rd1] radius-serveraccounting 192.168.0.2 1813
[SWITCH-radius-rd1] radius-servershared-key simple leeson
[SWITCH-radius-rd1] radius-serverretransmit 2
[SWITCH-radius-rd1] quit

# 创建 AAA 方案“abc”并配置认证方式为RADIUS
[SWITCH] aaa
[SWITCH-aaa] authentication-scheme abc
[SWITCH-aaa-authen-abc] authentication-moderadius
[SWITCH-aaa-authen-abc] quit
[SWITCH-aaa] accounting-scheme acc
[SWITCH-aaa-acc-abc] accounting-mode radius
[SWITCH-aaa-acc-abc] quit
# 创建认证域“leeson.org”,并在其上绑定AAA 方案“abc”与RADIUS 服务器模板“rd1”。
[SWITCH-aaa] domain leeson.org
[SWITCH-aaa-domain-isp1]authentication-scheme abc
[SWITCH-aaa-domain-isp1] accounting-schemeacc
[SWITCH-aaa-domain-isp1] radius-server rd1
[SWITCH-aaa-domain-isp1] quit
[SWITCH-aaa] quit

# 配置全局默认域为“leeson.org”。用户进行接入认证时,以格式“user@xxx.xxx”输
入用户名即可在xxx.xxx 域下进行 aaa 认证。如果用户名中不携带域名或携带的域名
不存在,用户将会在默认域中进行认证。
[SWITCH] domain leeson.org

步骤 3  
配置外部 Portal 认证
# 创建并配置名称为“abc”的 Portal 服务器模板。
[SWITCH] web-auth-server abc
[SWITCH -web-auth-server-abc] server-ip192.168.0.2
[SWITCH -web-auth-server-abc] port 50100
[SWITCH -web-auth-server-abc] shared-keysimple leeson
[SWITCH -web-auth-server-abc] urlhttp://192.168.0.2
[SWITCH -web-auth-server-abc] quit

# 使能 Portal 认证功能。
[SWITCH] interface vlanif 10
[SWITCH -Vlanif10] web-auth-server abcdirect
[SWITCH -Vlanif10] quit

步骤 4  
查看配置的 Portal 服务器的参数信息。
# 执行命令 displayweb-auth-server configuration 查看 Portal 服务器相关的
配置信息。
<SWITCH>display web-auth-serverconfiguration
  Listening port        : 2000   
Portal                : version 1, version 2  
Include reply message : enabled  
-----------------------------------------------------------------------
-  Web-auth-server Name : abc   
IP-address           : 192.168.20.30   
Shared-key           :%$%$]$c{$)Bp!XFdN>G2DBG(T#wn%$%$   
Port / PortFlag      : 50100 / NO   
URL                  : http://192.168.0.2  
Bounded Vlanif       : 10  
-----------------------------------------------------------------------
-   1Web authentication server(s) in total

步骤 5  
在交换机上添加默认路由:ip route-static 0.0.0.0 0.0.0.0 192.168.0.1
其中 192.168.0.1为交换机上行端口的网关地址

步骤 6  
配置 portal 白名单
portal free-rule 0 destination ip192.168.0.1 mask 255.255.255.255
portal free-rule 1 destination ip192.168.0.2 mask 255.255.255.255
portal free-rule 2 destination ipxxx.xxx.xxx.xxx mask 255.255.255.255
其中的 xxx.xxx.xxx.xxx 为用户认证之后上网所需的 DNS 地址,实际以真实网络环境中的 DNS为准
//排除网关 PORTAL服务器 Radius服务器 DNS

可选配置:
接口视图下(vlan-ifge):dhcp select relay
# 使能接口VLANIF100DHCP Relay功能。
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] dhcp select relay

#Portal用户下线探测
portal timer offline-detect命令用来配置Portal认证用户下线探测周期。
undo portal timer offline-detect命令用来恢复下线探测周期的缺省值。
缺省情况下,下线探测周期为300秒。
注意:portal timer offline-detect命令功能仅适用于二层Portal认证方式。






-------------------------------------------------------------------------------------------------------
OpenPortalServer对接 华为S5700配置

[Quidway]dis cur
#
!Software Version V200R001C00SPC300
sysname Quidway
#
vlan batch 10 100
#
web-auth-server version v2
portal free-rule 2 source ip 10.0.0.100mask 255.255.255.255
portal free-rule 3 destination ip10.0.0.100 mask 255.255.255.255
portal free-rule 4 destination ip 10.0.0.1mask 255.255.255.255
portal free-rule 5 source ip 10.0.0.1 mask255.255.255.255
portal free-rule 6 source ip 192.168.100.1mask 255.255.255.255
portal free-rule 7 destination ip192.168.100.1 mask 255.255.255.255
#
domain leeson.com
#
http server loads5700si-v200r001c00.001.web.zip
#
undo nap slave enable
#
dhcp enable
#
radius-server template leeson
radius-server shared-key simple leeson
radius-server authentication 10.0.0.100 1812
radius-server accounting 10.0.0.100 1813
radius-server retransmit 2
#
web-auth-server leeson
server-ip 10.0.0.100
port50100
shared-key simple leeson
source-ip 10.0.0.1
#
aaa
authentication-scheme default
authentication-scheme leeson
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme leeson
accounting-mode radius
domain default
domain default_admin
domain leeson.com
authentication-scheme leeson
accounting-scheme leeson
radius-server  leeson                  
local-user admin password cipher%$%$03~N$}rD0X}s=D%#SD-/ybYP%$%$
local-user admin privilege level 15
local-user admin service-type http
local-user leeson password cipher%$%$3.-^M/J1RB:MO{"\t&bDye\S%$%$
local-user leeson privilege level 15
#
interface Vlanif1
#
interface Vlanif10
ipaddress 10.0.0.1 255.255.255.0
web-auth-serverleeson direct
#
interface Vlanif100
ipaddress 192.168.100.1 255.255.255.0
web-auth-server leeson direct
dhcpselect interface


-------------------------------------------------------------------------------------------
H3C-MSR830-10对接OpenPortal配置

portal server cbqt_wifi_pts ip192.168.1.250 key cipher $c$3$WcdcTvygU/tgJgwXYIR72l92h8HoFlyWoCFi8RS2Cj1goAg=url http://192.168.1.250:8081/portal server-type imc
portal free-rule 0 source ip anydestination ip 114.114.114.114 mask 255.255.255.255
portal free-rule 1 source ip anydestination ip 192.168.1.254 mask 255.255.255.255
portal free-rule 2 source ip anydestination ip 192.168.70.254 mask 255.255.255.255
portal free-rule 3 source ip anydestination ip 192.168.1.250 mask 255.255.255.255
portal server cbqt_wifi_pts server-detectmethod http action permit-all interval 600 retry 5

interface Vlan-interface70
ipaddress 192.168.70.254 255.255.255.0
dhcpselect relay
dhcprelay server-select 1
portal server cbqt_wifi_pts method direct
ippolicy-based-route WAN-TAIQIU

radius scheme cbqt_wifi_rs
server-type extended
primary authentication 192.168.1.250
primary accounting 192.168.1.250
keyauthentication cipher $c$3$Jb32HhDG0KQEFUJK/ie49Sc5ARR1gBavK0rY+MOwlhSU=
keyaccounting cipher $c$3$nG1DwgslbalnXYZul3aAOdVU8ro2+/cWK4Oi6adZw/Rv5ZM=
user-name-format without-domain
#
domain cbqt_wifi_dm
authentication portal radius-schemecbqt_wifi_rs
authorization portal radius-schemecbqt_wifi_rs
accounting portal radius-scheme cbqt_wifi_rs
access-limitdisable
state active
idle-cut disable
self-service-url disable


H3C-MSR对接配置

[BEGIN] 2015/8/12 13:13:39
<H3C-MSR>dis         
<H3C-MSR>display cu      
<H3C-MSR>displaycurrent-configuration
#
version 5.20, Release 2311
#
sysname H3C-MSR
#
ftpserver enable
#
l2tpenable
#
firewall enable
#
nataddress-group 1
nataging-time udp 180
#
domain default enable system
#
darp2p signature-file flash:/p2p_default.mtd
#
lldpenable
#
qoscarl 1 destination-ip-address range 192.169.0.31 to 192.169.0.254 per-addressshare
d-bandwidth
qoscarl 10 source-ip-address range 192.169.0.31 to 192.169.0.254 per-addressshared-ba
ndwidth
#
portal server portal ip 192.169.0.20 keycipher $c$3$tmKimwpWYurgJSFeXElUKoFApV9rMZ6xfw
portal free-rule 0 source ip any destinationip 218.201.4.3 mask 255.255.255.255
portal free-rule 1 source ip any destinationip 192.169.0.20 mask 255.255.255.255
portal server portal server-detect method httpaction permit-all interval 60 retry 5
#
iphttp port 9000
#
blacklist enable
#
acl number 3000
rule0 permit ip source 192.169.0.0 0.0.15.255
rule1 permit ip source 192.169.101.0 0.0.0.255
rule100 deny ip
acl number 3002 name LAN-Defend
rule0 deny tcp destination-port eq 135
rule1 deny udp destination-port eq 135
rule2 deny tcp destination-port eq 139
rule3 deny udp destination-port eq netbios-dgm
rule4 deny udp destination-port eq netbios-ns
rule5 deny udp destination-port eq netbios-ssn
rule6 deny tcp destination-port eq 137
rule7 deny tcp destination-port eq 138
rule8 deny udp destination-port eq 136
rule200 permit icmp
rule300 permit ip source 192.169.0.0 0.0.15.255
rule301 permit ip source 192.169.101.0 0.0.0.255
rule302 permit ip source 192.169.99.0 0.0.0.7
rule303 permit udp destination-port eq bootps
rule400 deny ip
acl number 3003 name WAN-Defend
rule0 deny tcp destination-port eq 135
rule1 deny udp destination-port eq 135
rule2 deny udp destination-port eq netbios-dgm
rule3 deny udp destination-port eq netbios-ns
rule4 deny udp destination-port eq netbios-ssn
rule5 deny tcp destination-port eq 139
rule6 deny tcp destination-port eq 137
rule7 deny tcp destination-port eq 138
rule8 deny udp destination-port eq 136

rule300 permit udp source-port eq dns
rule400 permit ip destination 192.169.0.0 0.0.15.255
rule401 permit ip destination 192.169.101.0 0.0.0.255
rule402 permit ip destination 192.169.99.0 0.0.0.7
rule403 permit tcp destination-port eq 22
rule404 permit tcp destination-port eq www
rule405 permit tcp destination-port eq 443
rule406 permit udp destination-port eq 1701
rule407 deny ip
acl number 3100
description inside access domain-server
rule10 deny ip source 192.169.10.0 0.0.0.255
rule11 deny ip source 192.169.11.0 0.0.0.255
rule12 deny ip source 192.169.12.0 0.0.0.255
rule13 deny ip source 192.169.13.0 0.0.0.255
rule14 deny ip source 192.169.14.0 0.0.0.255
rule15 deny ip source 192.169.15.0 0.0.0.255
rule100 permit ip source 192.169.0.0 0.0.15.255 destination 192.169.0.20 0
rule1000 deny ip
#

#
vlan 1
#
radius scheme radius
primary authentication 192.169.0.20 1645 keycipher $c$3$pBtH9ea/vw5AfpLwHPg20KlJE1fGRK
NHJw==
primary accounting 192.169.0.20 1646 keycipher $c$3$iZTSbzm+q0xelQbsrxER90iYAQKV6aORPA
==
timer realtime-accounting 3
#
domain portal
authentication portal radius-scheme radiuslocal
authorization portal radius-scheme radiuslocal
accounting portal radius-scheme radius local
access-limit disable
state active
idle-cut disable
self-service-url disable
domain pppoe
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 3 192.169.101.2 192.169.101.254
domain pppoe-server-10
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 10 192.169.10.2 192.169.10.254
domain pppoe-server-11
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accountingppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 11 192.169.11.2 192.169.11.254
domain pppoe-server-12
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 12 192.169.12.2 192.169.12.254
domain pppoe-server-13
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 13 192.169.13.2 192.169.13.254
domain pppoe-server-14
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 14 192.169.14.2 192.169.14.254
domain pppoe-server-15
accounting lan-access radius-scheme radius
authentication ppp radius-scheme radius local
authorization ppp radius-scheme radius local
accounting ppp radius-scheme radius
access-limit disable
state active
idle-cut enable 10 10240
self-service-url disable
ippool 15 192.169.15.2 192.169.15.254
domain system   
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ippool 2 192.169.99.2 192.169.99.10
#
pki entity ssl
common-name ssl
organization-unit xxzx
organization gxgs
locality chongqing
state chongqing
country cn
#
pki domain ssl
  caidentifier ssl
certificate request from ra
certificate request entity ssl
  crlcheck disable
#
dhcp server ip-pool 1
network 192.169.0.0 mask 255.255.255.0
gateway-list 192.169.0.1
dns-list 218.201.4.3 218.201.17.2
expired day 5
#
dhcp server ip-pool vlan-10
network 192.169.10.0 mask 255.255.255.0
gateway-list 192.169.10.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-11
network 192.169.11.0 mask 255.255.255.0
gateway-list 192.169.11.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-12
network 192.169.12.0 mask 255.255.255.0
gateway-list 192.169.12.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-13
network 192.169.13.0 mask 255.255.255.0
gateway-list 192.169.13.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-14
network 192.169.14.0 mask 255.255.255.0
gateway-list 192.169.14.1
dns-list 218.201.4.3 218.201.21.132
#
dhcp server ip-pool vlan-15
network 192.169.15.0 mask 255.255.255.0
gateway-list 192.169.15.1
dns-list 218.201.4.3 218.201.21.132
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher$c$3$OPmwVHESNbfHNXczEeMcdq2DmRDCR7kmS/E=
authorization-attribute level 3
service-type ssh terminal
service-type ftp
service-type web
local-user dot1x
password cipher$c$3$nWqagHMVZB63q5qHyLqXBdUlHB39vQ2RPnE=
service-type lan-access
local-user h3c
password cipher$c$3$ZHwyfLAqYN93aNiWN5J8OHGVh3EAgA==
service-type ppp
service-type portal
#
ssl server-policy sslvpn
pki-domain ssl
#
cwmp
undocwmp enable
#
l2tp-group 1
allow l2tp virtual-template 1
tunnel name LNS
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#               
interface Ethernet0/0
portlink-mode route
pppoe-server bind Virtual-Template 2
#
interface Ethernet0/1
portlink-mode route
firewall packet-filter 3003 inbound
natoutbound 3000 address-group 1

ipaddress
darenable
qoscar inbound carl 1 cir 1600 cbs 100000 ebs 0 green pass red discard
qoscar outbound carl 10 cir 400 cbs 25000 ebs 0 green pass red discard
#
interface Ethernet0/2
portlink-mode route
speed 100
#
interface Ethernet0/2.10
vlan-type dot1q vid 10
natoutbound 3100
ipaddress 192.169.10.1 255.255.255.0
#
interface Ethernet0/2.11
vlan-type dot1q vid 11
natoutbound 3100
ipaddress 192.169.11.1 255.255.255.0
#
interface Ethernet0/2.12
vlan-type dot1q vid 12
natoutbound 3100
ipaddress 192.169.12.1 255.255.255.0
#
interface Ethernet0/2.13
vlan-type dot1q vid 13
natoutbound 3100
ipaddress 192.169.13.1 255.255.255.0
#
interface Ethernet0/2.14
vlan-type dot1q vid 14
ipaddress 192.169.14.1 255.255.255.0
#
interface Ethernet0/2.15
vlan-type dot1q vid 15
natoutbound 3100
ipaddress 192.169.15.1 255.255.255.0
#
interface Ethernet0/2.20
vlan-type dot1q vid 20
natoutbound 3100
ipaddress 192.169.20.1 255.255.255.0
portal server portal method direct
#
interface Serial1/0
link-protocol ppp
#
interface Serial1/1
link-protocol ppp
#
interface Virtual-Template1
pppauthentication-mode chap domain system
remote address pool 2
ipaddress 192.169.99.1 255.255.255.0
#
interface Virtual-Template2
pppauthentication-mode chap domain pppoe
pppaccount-statistics enable
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.21.132
remote address pool 3
ipaddress 192.169.101.1 255.255.255.0
#
interface Virtual-Template10
pppauthentication-mode chap domain pppoe-server-10
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 10
#
interface Virtual-Template11
pppauthentication-mode chap domain pppoe-server-11
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 11
#
interface Virtual-Template12
pppauthentication-mode chap domain pppoe-server-12
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 12
#               
interface Virtual-Template13
pppauthentication-mode chap domain pppoe-server-13
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 13
#
interface Virtual-Template14
pppauthentication-mode chap domain pppoe-server-14
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 14
#
interface Virtual-Template15
pppauthentication-mode chap domain pppoe-server-15
pppipcp remote-address forced
pppipcp dns 218.201.4.3 218.201.17.2
remote address pool 15
#
interface NULL0
#
interface Vlan-interface1
ipaddress 192.169.0.1 255.255.255.0
undoip fast-forwarding
natoutbound 3100

firewall packet-filter 3002 inbound
firewall packet-filter 4000 inbound
#
interface Ethernet0/3
portlink-mode bridge
#
interface Ethernet0/4
portlink-mode bridge
#
dhcp-snooping
#
ssl-vpn server-policy sslvpn
ssl-vpn enable
#

#
info-center loghost 192.169.0.6 facilitylocal6
#
dhcpserver forbidden-ip 192.169.10.1 192.169.10.10
dhcpserver forbidden-ip 192.169.11.1 192.169.11.10
dhcpserver forbidden-ip 192.169.12.1 192.169.12.10
dhcpserver forbidden-ip 192.169.13.1 192.169.13.10
dhcpserver forbidden-ip 192.169.14.1 192.169.14.10
dhcpserver forbidden-ip 192.169.15.1 192.169.15.10
dhcpserver forbidden-ip 192.169.0.1 192.169.0.30
dhcpserver detect
#
dhcpenable
#
ntp-service unicast-server 202.112.10.60
#
sshserver enable
sshuser admin service-type stelnet authentication-type password
#
arptimer aging 10
#
loadxml-configuration
#
loadtr069-configuration
#
user-interface tty 12
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return

[END] 2015/8/12 13:16:01






回复

使用道具 举报

登录 发布 快速回复 返回顶部 返回列表