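Integrating a third-party PORTAL authentication system with the Huawei AC6605 for wireless WiFi WeChat authentication, SMS authentication and guest authentication
[Integration configuration reference article](https://www.cdefe.com/20190224/cid=219.html)
1. Initial network configuration: with Portal authentication not configured, users who connect to the wireless network can access the Internet normally.
2. Portal server deployment: with authentication disabled, users and the AC can communicate with the Portal server in both directions.
3. External third-party PORTAL authentication system configuration reference:
4. AC6605 command configuration reference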
```
[V200R006C10SPC200]
#
ftp server enable
#
http server load flash:/AC6605V200R006C10SP200.001.web.zip
http secure-server ssl-policy default_policy
http server enable
#
vlan batch 100 210 220 230 505
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
 portal-access-profile x
 free-rule-template x
 authentication-scheme cx
 accounting-scheme cx
 radius-server x
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
web-auth-server version v2
portal captive-bypass enable
#
management-port isolate enable
management-plane isolate enable
#
diffserv domain default
#
radius-server template default
radius-server template x
 radius-server shared-key cipher %^%#+CGj+f)QK>;T9-,7MyQ2v]4-HufNiFQmJ{=j@(CN%^%#
 radius-server authentication 10.0.100.241 1812 weight 80
 radius-server accounting 10.0.100.241 1813 weight 80
 undo radius-server user-name domain-included
#
pki realm default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
#
free-rule-template name default_free_rule
#
free-rule-template name x
 free-rule 0 destination ip 61.139.2.69 mask 255.255.255.255
 free-rule 1 destination ip 10.0.100.241 mask 255.255.255.255
 free-rule 2 destination ip 10.0.100.71 mask 255.255.255.255
#
url-template name urlTemplate_0
 url http://10.0.100.241/
 url-parameter ac-ip basip ap-mac apmac user-ipaddress wlanuserip user-mac mac
 url-parameter mac-address format delimiter : normal
#
web-auth-server x
 server-ip 10.0.100.241
 port 50100
 shared-key cipher %^%#~N!0*`gx[A|JRCC~'6C13nIj7F!~&CQNGZ,q9.{;%^%#
 url-template urlTemplate_0
#
portal-access-profile name portal_access_profile
#
portal-access-profile name x
 web-auth-server x direct
#
aaa
 authentication-scheme default
 authentication-scheme radius
 authentication-scheme cx
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 accounting-scheme cx
  accounting-mode radius
 domain default
 domain default_admin
 local-user ac password irreversible-cipher %^%#tj0RQ|9j=LOc>SQa/lVCpIyNTED@`MG~53P#_9KXbFIqEo3bF&$vMgP@yJ#/%^%#
 local-user ac privilege level 15
 local-user ac ftp-directory flash:/
 local-user ac service-type ftp
 local-user bbb password irreversible-cipher %^%#*VxZ-QiH$G&e^*3[|wt.E_1;V~%K^L>0x[4pg@,7}8:MB:a$q16/3C+7ZS@J%^%#
 local-user bbb privilege level 15
 local-user bbb service-type http
 local-user sudo password irreversible-cipher %^%#%S-%Tv$v2>v+3KB7m,7E>pcqWzE3OQB8_M>]`.K1P_JoT-S'(~VI!$YEQ3G/%^%# idle-timeout 99 0 access-limit 999
 local-user sudo privilege level 15
 local-user sudo service-type telnet ssh http
 local-user admin password irreversible-cipher %^%#].@0"~G+z~GoW>>>w,XMt$`\+caLrW"z:v97~rTN#cb7Esd*[&bD;'XjphBU%^%# idle-timeout 3500 0
 local-user admin privilege level 15
 local-user admin service-type ssh http
#
interface Vlanif1
#
interface Vlanif100
 ip address 10.0.100.71 255.255.255.0
#
interface Vlanif230
 ip address 172.60.1.253 255.255.254.0
#
interface Vlanif505
#
interface MEth0/0/1
 ip address 169.254.1.1 255.255.0.0
#
interface GigabitEthernet0/0/1
 port link-type access
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
 port link-type trunk
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port media type fiber
 undo negotiation auto
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
info-center timestamp log format-date
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
ip route-static 0.0.0.0 0.0.0.0 10.0.100.1
#
capwap source interface vlanif230
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %^%#&C8eMS)+m:2jl5~0*jC>9+7hI#\&0'\K6Y"\wHh@fOvqFYt2qRt6mC#B!,HV%^%#
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher %^%#d;O5#3{>C&d6c]Hz%H4(4IS)%oZQ(/9HL;5(1%;6rI_/WM!DVGB[/x%JC(`H%^%#
 protocol inbound telnet
user-interface vty 16 20
 protocol inbound all
#
wlan
 traffic-profile name default
 security-profile name default
 security-profile name default-wds
  security wpa2 psk pass-phrase %^%#Nxt(2I--JV&D]OI<hw0EW]^0*E6KdEV~M2~iUfi#%^%# aes
  pmf optional
 security-profile name default-mesh
  security wpa2 psk pass-phrase %^%#${1V/A6R6Vo$bCYk549(0PLMH|_|sD[Uu_18J$-E%^%# aes
 security-profile name 1CHINANET
 ssid-profile name default
 ssid-profile name 1CHINANET
  ssid 1CHINANET
 vap-profile name boy
  service-vlan vlan-id 210
  ssid-profile 1CHINANET
  security-profile 1CHINANET
  authentication-profile portal_authen_profile
 vap-profile name girl
  service-vlan vlan-id 210
  ssid-profile 1CHINANET
  security-profile 1CHINANET
  authentication-profile portal_authen_profile
 vap-profile name canteen
  service-vlan vlan-id 210
  ssid-profile 1CHINANET
  security
```
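
A hardening check for a dump like the one above, as an added example that is not part of the original article or of any Huawei tool: a Python audit that walks the `#`-separated views and flags management and portal settings that send credentials in cleartext or permit weak SSH algorithms. The rule names, the `audit` function and the weak-algorithm set are assumptions of this example; the sample input is an excerpt of the configuration on this page.

```python
import re
# Excerpt of the AC6605 configuration on this page, used as sample input.
SAMPLE = """\
ftp server enable
#
url-template name urlTemplate_0
 url http://10.0.100.241/
#
aaa
 local-user ac service-type ftp
 local-user sudo service-type telnet ssh http
 local-user admin service-type ssh http
#
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
user-interface vty 0 4
 authentication-mode password
 protocol inbound telnet
user-interface vty 16 20
 protocol inbound all
"""
# Assumption of this example: 3DES, CBC-mode and MD5/SHA-1 based names count as weak.
WEAK_SSH = {"3des", "aes256_cbc", "md5", "md5_96", "sha1", "sha1_96"}

def audit(config):
    """Return (line_no, rule, detail) tuples; works on indented or flattened dumps."""
    findings, view = [], ""
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "#" or line.startswith("user-interface "):
            view = "" if line == "#" else line   # "#" closes the current view
        elif line == "ftp server enable":
            findings.append((n, "cleartext-ftp", line))
        elif line.startswith("url http://"):     # portal redirect without TLS
            findings.append((n, "portal-url-http", line))
        elif m := re.match(r"local-user (\S+) service-type (.+)", line):
            bad = [s for s in m.group(2).split() if s in ("ftp", "telnet")]
            if bad:
                findings.append((n, "cleartext-login:" + m.group(1), ",".join(bad)))
        elif m := re.match(r"ssh (?:server|client) secure-algorithms (cipher|hmac) (.+)", line):
            bad = [a for a in m.group(2).split() if a in WEAK_SSH]
            if bad:
                findings.append((n, "weak-ssh-" + m.group(1), ",".join(bad)))
        elif view.startswith("user-interface vty"):
            if line in ("protocol inbound telnet", "protocol inbound all"):
                findings.append((n, "vty-telnet", view))
            elif line == "authentication-mode password":
                findings.append((n, "vty-shared-password", view))
    return findings
```

Calling `audit(open(path).read())` on a saved `display current-configuration` output returns one tuple per flagged line, which can be diffed between configuration backups.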