完整word版ZhuoMaiPortal对接实例.docx

1、完整word版ZhuoMaiPortal对接实例1.对接爱快拓扑：相关上网地址：爱快LAN：192.168.1.1/24Portal地址：192.168.1.2/24 GAT 192.168.1.1 DNS:61.139.2.69认证终端地址：192.168.1.3-192.168.1.254/24 GAT 192.168.1.1 DNS:61.139.2.69配置前需：不开启认证情况用户终端可通过网关正常上网；开启认证portal服务器能和认证终端正常通信。网关对接设置：（常见IP设置请参考爱快手册）Radius对接（IP以及访问参考卓迈计费配置手册）添加地区添加NAS（添加完后需要应用配置

2、）添加限速模板添加套餐模板（公共账号没有什么时间限制）添加公共账号Portal对接设置（常见IP上网参数设置请参考卓迈portal手册）以上配置完毕后效果：用户接入认证网络主动弹出认证页面点击一键认证，认证成功。其余认证方式请阅读以后接下来的认证方式对应配置。2.对接华为交换机以对接华为9303交换机为例拓扑华为9303相关配置domain hw /必须设置要与AAA domain一致/radius配置radius-server template rd_portal -radius模板 radius-server shared-key cipher 123456 -共享密钥 radius-se

3、rver authentication 172.16.45.253 1812 -认证地址端口 radius-server accounting 172.16.45.253 1813 -计费地址端口 radius-server retransmit 2 timeout 10 -转发超时次数 undo radius-server user-name domain-included -认证不带域 calling-station-id mac-format dot-split mode2 -MAC上传radius格式/portal设置web-auth-server portal -建立portal模板

4、 server-ip 172.16.45.253 -设置portal地址 port 50100 -设置跳转地址 shared-key cipher 123456 -设置密钥 url http:/172.16.45.253 -设置端口50100/AAA配置aaa -认证计费均采用radius模板 authentication-scheme 999 authentication-mode radiusaccounting-scheme 888 accounting-mode radiusdomain hw authentication-scheme 999 accounting-scheme 88

5、8 radius-server rd_portal/IP相关配置ip pool vlan9 -设置dhcp gateway-list 172.16.8.254 network 172.16.8.0 mask 255.255.255.0lease day 0 hour 4 minute 0 dns-list 114.114.114.114interface Vlanif8 -设置vlan8IP ip address 172.16.45.254 255.255.255.0interface Vlanif9 -设置vlan9IP并开启dhcp ip address 172.16.8.254 255.

6、255.255.0dhcp select globalinterface GigabitEthernet1/0/1 port link-type access port default vlan 8interface GigabitEthernet1/0/2 port link-type access port default vlan 9ip route-static 0.0.0.0 0.0.0.0 192.168.0.1 -设置默认网关/portal配置应用interface Vlanif9 ip address 172.16.8.254 255.255.255.0dhcp select

7、globalweb-auth-server portal layer3 -开启portal认证 /认证白名单portal free-rule 1 destination ip 172.16.8.254 mask 255.255.255.255portal free-rule 2 destination ip 172.16.45.253 mask 255.255.255.255portal free-rule 3 destination ip 114.114.114.114 mask 255.255.255.255-排除网关、portal服务器、DNSRadius对接（IP以及访问参考卓迈计费配

8、置手册）添加地区添加NAS（添加完后需要应用配置）添加限速模板添加套餐模板（公共账号没有什么时间限制）添加公共账号Portal对接设置（常见IP上网参数设置请参考卓迈portal手册）以上配置完毕后效果：用户接入认证网络主动弹出认证页面点击一键认证，认证成功。其余认证方式请阅读以后接下来的认证方式对应配置。3.对接华为AC以对接华为AC6005为例拓扑：相关配置:1、将无线认证用户及设备划分到VLAN20vlan 20 description user_vlan2、配置Radius认证模板radius-server template radius_portalradius-server sha

9、red-key cipher 123456radius-server authentication 192.168.10.2 1812 weight 80radius-server accounting 192.168.10.2 1813 weight 80undo radius-server user-name domain-includedurl-template name urlTemplate_03、配置Portal认证对接的参数web-auth-server portalserver-ip 192.168.10.2port 50100shared-key cipher 123456u

10、rl http:/192.168.10.2url-template urlTemplate_04、配置无线认证用户的地址池、网关及DNSip pool vlan20gateway-list 172.16.8.1 network 172.16.8.0 mask 255.255.255.0 lease day 0 hour 2 minute 0 dns-list 114.114.114.1145、配置AAA模板Domain aaa authentication-scheme radius_portal authentication-mode radius accounting-scheme rad

11、ius_portal accounting-mode radius domain authentication-scheme radius_portal accounting-scheme radius_portal radius-server radius_portal 6、配置地址以及在Vlan20中启用Portal认证interface Vlanif1ip address 192.168.0.1 255.255.255.0 interface Vlanif10ip address 192.168.10.1 255.255.255.0 interface Vlanif20ip addres

12、s 172.16.8.1 255.255.255.0 web-auth-server portal directdhcp select global7.认证白名单：网关DNSPortalportal free-rule 1 destination ip 172.16.8.1 mask 255.255.255.255portal free-rule 2 destination ip 192.168.10.2 mask 255.255.255.255portal free-rule 3 destination ip 114.114.114.114 mask 255.255.255.2558、其他配

13、置如下：interface GigabitEthernet0/0/1port link-type accessport default vlan 20interface GigabitEthernet0/0/2port link-type accessport default vlan 10ip route-static 0.0.0.0 0.0.0.0 192.168.0.1配置Radius：参考对接华为交换机中配置配置portal：参考对接华为交换机中配置配置成功后能达到效果：连接wifi弹出认证界面点击一键认证认证成功4.对接H3C交换机拓扑3. 配置步骤(1) IAG 配置# 配置Por

14、tal server，其中key 和端口号根据具体组网配置。portal server 8042 ip 192.168.10.2 key 123456 url http:/192.168.10.2# 配置portal free-rule，允许客户端在未进行Portal 认证之前访问网关。portal free-rule 0 source any destination ip 172.16.8.1 mask 255.255.255.255# 配置portal free-rule，允许客户端在未进行Portal 认证之前访问DNS 服务器。portal free-rule 1 source any

15、 destination ip 192.168.10.2 mask 255.255.255.255# 配置Radius 服务器。radius scheme 8042primary authentication 192.168.10.2 key 123456primary accounting 192.168.10.2 key 123456user-name-format without-domainnas-ip 192.168.10.1# 配置认证域。domain 8042authentication portal radius-scheme 8042authorization portal

16、radius-scheme 8042accounting portal radius-scheme 8042access-limit disablestate activeidle-cut enable 10 102400self-service-url disable# 配置DHCP server 地址池。dhcp server ip-pool 1network 172.16.8.0 mask 255.255.255.0gateway-list 172.16.8.1dns-list 114.114.114.114expired day 0 hour 12# 配置接口。interface Te

17、n-GigabitEthernet0/0.2vlan-type dot1q vid 248ip address 172.16.8.1 255.255.0.0# 配置ARP 授权，禁止不经DHCP 分配的IP 地址的访问。arp authorized enabledhcp update arp# 启用Portal。portal server 8042 method direct# 指定Portal 认证域。portal domain 8042# 指定与Portal server 交互的IP 地址，必须本机上存在的IP 地址。portal nas-ip 192.168.10.2# 配置探测用户ARP。access-user detect type arp retransmit 2 interval 5# 配置公网接口。interface Ten-GigabitEthernet0/0.192vlan-type dot1q vid 192ip address 192.168.0.2 255.255.255.0# 配置路由。ip route-static 0.0.0.0 0.0.0.0 192.168.0.15.对接H3C AC配置radius配置portal配置完成后:手机连接WiFi自动弹出认证界面点击一键认证对接完成6.对接中兴BAS7.对接汉明AC8.对接ROS9.对接锐捷交换机