1、DCNDCSMRSDCSMBR与DCN交换机做8021X多FREERESOURCE和8021X的WEB重定向功能认证手册V01100802.1X多FREESOURCE和802.1X的WEB重定向功能配置手册神州数码网络有限公司编写人:陈彦斌2014 年 2 月 20日功能描述部署DCSM-RS认证计费设备旁路时配合DCRS-5750和DCRS-3950实现802.1X认证前可以重定向到某个指定的网址和支持多条freeresource的功能。一DCSM-BW管理端配置步骤 DCSM-BW与DCSM-RS联通调试见” DCSM-BW与DCSM-BR(DCSM-RS)快速配置手册”DCSM管理端配置
2、步骤:创建资费组创建地区组创建带宽组创建套餐组设置RADIUS服务器创建用户1. 登陆WEB管理端 在IE浏览器中输入“http:/x.x.x.x/DCSMManager”(其中x.x.x.x为DCSM-BW服务器的IP地址)。将得到DCSM-BW管理端登录页面,如下图: 输入初始用户名/密码:9000/123,将进入管理端首页。 2. 创建资费组在【策略管理】【资费组配置】里先配置一个资费组(测试的时候可以选择合约用户组类型,费率为0,即免费组)。 新建资费组,如图: 在合约资费里设置费率为0,如图: 在资费组里的控制策略勾选“允许RADIUS认证”,如图:此时【资费组配置】配置完毕。3.
3、创建地区组在【地区组配置】里新建地区组,如图: 4. 创建带宽组在【目标地址带宽】里先设置好带宽值,以下配置了1M带宽值和4M带宽值。小提示:DCSM-BW的带宽单位是KBPS,传统的带宽值是kbps,需要注意。如图:1M带宽值:4M带宽值:【目标地址带宽】创建完毕,如图: 在【带宽组配置】中将【目标地址带宽】创建好的配置添加。创建1M带宽组,如图: 创建4M带宽组,如图: 【带宽组配置】配置完成,如图: 5. 创建套餐组在【套餐组配置】中将【资费组配置】,【地区组配置】,【带宽组配置】捆绑成【套餐组配置】。小提示:需要注意的是【套餐组配置】中的“套餐代码”,“套餐代码”设置成一样的数字的时候
4、账户是可以在相同“套餐代码”中的套餐切换,反之不通“套餐代码”中的套餐是无法切换的。 如图:创建1M套餐组创建4M套餐组 套餐组创建完毕 6. 设置RADIUS服务器在【设备管理】中的【RADIUS服务器】添加802.1X交换机地址。备注:其中“参数”里DCN交换机配置:DM0:SM。再【RADIUS服务器】里导出EXCEL模板,在模板中添加交换机设置,如图:导出EXCEL模板 设置ECXEL模板 EXCEL模板完成后,导入EXCEL,完成7. 创建用户在【用户管理】中【业务受理】里的【开户】设置用户来完成测试。如图:创建1M用户test 创建4M用户test18. DCSM-RS中关闭下发带
5、宽功能在DCSM-RS中关闭下发带宽属性的功能以防止DCSM-RS将带宽下发给交换机,telnet到DCSM-RS上,账号/密码:ishaer/123(默认),输入:option unsend197att 1如图:输入完毕后使用sysoption查看该功能是否开启二DCN交换机802.1X认证1. DCN交换机配置 以下是DCSM-RS对于DCN交换机Dot1x认证,这里以DCRS-5750交换机为例。文档中只涉及802.1X相关配置,路由以及vlan信息这里不做考虑。XSSS3-DCRS-5750-52T-2F#show run!no service password-encryption!
6、hostname XSSS3-DCRS-5750-52T-2FsysLocation ChinasysContact 800-810-9119!username admin privilege 15 password 0 admin!snmp-server enablesnmp-server securityip 10.10.20.229snmp-server host 10.10.20.229 v1 usertrapsnmp-server community ro 0 publicsnmp-server community rw 0 privatesnmp-server enable tra
7、ps!ip dhcp snooping enable ip dhcp snooping binding enable !loopback-detection interval-time 35 15!loopback-detection control-recovery timeout 300!vlan 1;10-30 !radius-server key 0 testradius-server authentication host 10.10.20.225radius-server accounting host 10.10.20.225aaa-accounting enableaaa en
8、able!dot1x enabledot1x web redirect http:/10.10.20.226/Selfdot1x free-resource 10.10.20.226 255.255.255.255dot1x free-resource 10.10.20.225 255.255.255.255dot1x free-resource 42.120.23.244 255.255.255.255dot1x free-resource 61.135.209.173 255.255.255.255dot1x free-resource 58.253.96.22 255.255.255.2
9、55dot1x free-resource 112.90.217.182 255.255.255.255dot1x free-resource 211.138.236.206 255.255.255.255dot1x free-resource 211.137.182.167 255.255.255.255dot1x free-resource 211.138.236.208 255.255.255.255dot1x privateclient enabledot1x unicast enable!Interface Ethernet1/0/1 switchport access vlan 2
10、1 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 21 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/2 switchport access vlan 21 dot1x enable dot1x port
11、-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 21 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/3 switchport access vlan 21 dot1x enable dot1x port-method userbased standar
12、d dot1x webredirect enable loopback-detection specified-vlan 21 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/4 switchport access vlan 21 dot1x enable dot1x port-method userbased standard dot1x webredirect enabl
13、e loopback-detection specified-vlan 21 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/5 switchport access vlan 21 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection spec
14、ified-vlan 21 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/6 switchport access vlan 22 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 22 loopback-de
15、tection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/7 switchport access vlan 22 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 22 loopback-detection control shutdown
16、ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/8 switchport access vlan 22 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 22 loopback-detection control shutdown ip dhcp snooping binding
17、dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/9 switchport access vlan 22 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 22 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping ac
18、tion blackhole recovery 30!Interface Ethernet1/0/10 switchport access vlan 22 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 22 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery
19、30!Interface Ethernet1/0/11 switchport access vlan 23 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 23 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30! Interface Ethernet1/
20、0/12 switchport access vlan 23 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 23 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/13 switchport access v
21、lan 23 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 23 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/14 switchport access vlan 23 dot1x enable dot1
22、x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 23 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/15 switchport access vlan 23 dot1x enable dot1x port-method userbased
23、standard dot1x webredirect enable loopback-detection specified-vlan 23 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/16 switchport access vlan 24 dot1x enable dot1x port-method userbased standard dot1x webredire
24、ct enable loopback-detection specified-vlan 24 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/17 switchport access vlan 24 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detec
25、tion specified-vlan 24 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/18 switchport access vlan 24 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 24 l
26、oopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/19 switchport access vlan 24 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 24 loopback-detection contro
27、l shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/20 switchport access vlan 24 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 24 loopback-detection control shutdown ip dhcp snoop
28、ing binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/21 switchport access vlan 25 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 25 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhc
29、p snooping action blackhole recovery 30!Interface Ethernet1/0/22 switchport access vlan 25 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 25 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackh
30、ole recovery 30!Interface Ethernet1/0/23 switchport access vlan 25 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 25 loopback-detection control shutdown ip dhcp snooping binding dot1x ip dhcp snooping action blackhole recovery 30!Interface Ethernet1/0/24 switchport access vlan 25 dot1x enable dot1x port-method userbased standard dot1x webredirect enable loopback-detection specified-vlan 25 loopback-detection control shutdown ip dhcp sn
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1