OSSH免费版华为Portal系统支持华为Portal协议,能够跟市面上支持华为协议的设备进行对接,方便的实现Web Portal认证。下面我们介绍华为主流6605系列AC同OSSH免费版华为Portal的对接示例,仅供大家参考。

网络拓扑如下

wKioL1Lc***RYre4AAFYPexgXUo528.jpg


配置说明:

1、将无线认证用户及设备划分到VLAN2014

#

vlan 2014

description user_vlan

#

2、配置Radius认证模板

#

radius-server templateradius_huawei

radius-servershared-key cipher %@%@,%+K=Sl9NOmxy2@J~"X//97v%@%@

radius-serverauthentication 192.168.10.3 1812 weight 80

radius-serveraccounting 192.168.10.3 1813 weight 80

undo radius-serveruser-name domain-included

#

#

url-template nameurlTemplate_0

#

3、配置Portal认证对接的参数

#

web-auth-serverportal

server-ip192.168.10.3

port 50100

shared-key cipher%@%@qfU0XjxGk-{_|i"4x;<,/v~S%@%@

url http:  //192.168.10.3:8080/login.jsp

url-templateurlTemplate_0

user-sync

#

4、配置无线认证用户的地址池、网关及DNS

#

ip pool wifi_user

gateway-list192.168.10.1

network 192.168.10.0 mask255.255.255.0

excluded-ip-address192.168.10.1 192.168.10.40

lease day 0 hour 1minute 0

dns-list 8.8.8.8

#

5、配置AAA模板

#

aaa

authentication-scheme default

authentication-scheme radius_huawei

authentication-mode radius

authorization-scheme default

accounting-scheme default

accounting-scheme radius_huawei

accounting-mode radius

domain default

domain default_admin  

domain huawei.com  

authentication-scheme radius_huawei

accounting-scheme radius_huawei

radius-server radius_huawei

local-user admin password cipher%@%@lA9^Vm7sN452P)V;[5<Fcc>(%@%@

local-user admin privilege level 15

local-user admin service-type telnet ssh ftpweb http

#

6、配置VLAN2014的地址以及在该Vlan中启用Portal认证

#

interfaceVlanif2014

ip address 192.168.10.2255.255.255.0

web-auth-serverportal direct

dhcp select global

#

7、其他配置如下:

#

interfaceGigabitEthernet0/0/1

port link-typeaccess

port default vlan2014

#

interfaceGigabitEthernet0/0/2

port link-typeaccess

port default vlan2014

#

#

interfaceGigabitEthernet0/0/24

port link-typetrunk

port trunkallow-pass vlan 2014 to 2015

#

interfaceXGigabitEthernet0/0/1

#

interfaceXGigabitEthernet0/0/2

#

interface Wlan-Ess0

port hybrid pvidvlan 2014

undo port hybridvlan 1

port hybriduntagged vlan 2014

permit-domain namehuawei.com

force-domain namehuawei.com

#

interface Wlan-Ess1

descriptionno_portal

port hybrid pvidvlan 2014

undo port hybridvlan 1

port hybriduntagged vlan 2014

#

interface NULL0

#

ip route-static0.0.0.0 0.0.0.0 192.168.10.1

#

以上即为OSSH免费版华为Portal系统与华为AC6605对接的示例,仅供大家参考,如有问题可以随时联系我们,QQ群:195323074  群内有下载地址。