華為 H3C 配置 Portal認證 mac-trigger快速認證 Mac無感知認證 Radius認證計費 對接 外部Portal認證計費系統 案例

介紹：?

? ? ? ? OpenPortal網絡準入認證計費系統，支持用戶名密碼認證、短信認證、釘釘授權認證、微信認證、公眾號認證、答題認證、視頻倒計時認證、人臉識別認證、訪客二維碼授權認證、LDAP AD域結合認證、第三方OA系統擴展認證等等各種認證模式，支持二次代撥認證等技術，支持用戶自助注冊，自行選擇計費套餐進行支付寶、微信自助繳費等。

????????支持與華為所有支持Portal認證的AC控制器如AC6005 AC6605等，以及所有支持Portal認證的三層交換機如S5700 S7606 7706 7703等，以及所有支持Portal認證的接入路由如華為AR-6280等，以及多業務網關BRAS如me60 ?ma5200等設備進行對接。

? ? ? ? OpenPortal包含Portal協議認證系統+Radius AAA認證計費授權系統，支持CMCC V1 V2協議標準，華為Portal協議V1 V2等，支持Radius協議RFC2865，RFC2866標準，支持CMCC標準mac-trigger協議和mac auth標準的MAC優先的MAC快速認證、無感知認證，支持限速策略下發、ACL下發、ip-pool下發等一系列接入策略配置。

需求：

????????H3C-WX系列AC控制器可作為PPPoe撥號、專線連接的出口網關，并且該設備支持L2TP（撥號或者多撥動態IP網絡環境下實現云認證計費服務部署模式），該設備支持mac-trigger協議的MAC快速無感知認證+Portal認證，支持CMCC協議模式和IMC協議模式，支持基于VAP限速和vcl策略下發應用。

具體拓撲如下：

設備配置：?

****************************************************************************** * Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ******************************************************************************login: admin Password: <H3C-WX2510H>sys System View: return to User View with Ctrl+Z. [H3C-WX2510H]dis cur #version 7.1.064, Release 5226 #sysname H3C-WX2510H #telnet server enable #dialer-group 1 rule ip permit #dhcp enable #password-recovery enable # vlan 1 # vlan 100 # vlan 200 # dhcp server ip-pool wlangateway-list 172.16.0.1network 172.16.0.0 mask 255.255.255.0dns-list 114.114.114.114 202.98.192.67forbidden-ip 172.16.0.1forbidden-ip 172.16.0.10 # interface Dialer0ppp chap password cipher $c$3$MnsrYXKEg3UAugDLYToYM+rvweSIr2YBdw== ppp chap user 0851xxxxxxxx dialer bundle enabledialer-group 1dialer timer idle 0dialer timer autodial 60ip address ppp-negotiatenat outbound # interface Virtual-PPP1ppp chap password cipher $c$3$hgiYV2peyVHqfHszwP0PeYvpne1lIQ== ppp chap user xxxxxxxx ip address ppp-negotiatel2tp-auto-client l2tp-group 1 # interface NULL0 # interface Vlan-interface100ip address 192.168.0.20 255.255.255.0nat outbound undo dhcp select server # interface Vlan-interface200ip address 172.16.0.1 255.255.255.0dhcp server apply ip-pool wlanportal enable method directportal domain v5portal bas-ip 10.0.0.100portal fail-permit server v5portal apply web-server v5portal apply mac-trigger-server v5portal fail-permit web-serverportal outbound-filter enable # interface GigabitEthernet1/0/5port link-mode routedescription wanshutdownpppoe-client dial-bundle-number 0 # interface GigabitEthernet1/0/1port link-mode bridgeport link-type hybridundo port hybrid vlan 1port hybrid vlan 200 untaggedport hybrid pvid vlan 200 # interface GigabitEthernet1/0/2port link-mode bridgeport access vlan 100 # interface GigabitEthernet1/0/3port link-mode bridgeport access vlan 100 # interface GigabitEthernet1/0/4port link-mode bridgeport access vlan 100 #scheduler logfile size 16 # line class consoleuser-role network-admin # line class vtyuser-role network-operator # line con 0user-role network-admin # line vty 0 31authentication-mode schemeuser-role network-operator #ip route-static 0.0.0.0 0 192.168.0.254ip route-static 0.0.0.0 0 Dialer0 preference 100ip route-static 10.0.0.1 32 Virtual-PPP1 #undo info-center logfile enable # acl advanced 3000rule 0 deny ip destination 114.114.114.114 0rule 10 permit ip #radius session-control enableradius nas-ip 192.168.0.20 # radius scheme portalprimary authentication 192.168.0.1primary accounting 192.168.0.1key authentication cipher $c$3$luljjvSNrw/TiOjAFHbig+9EmAtbbSy/Ow==key accounting cipher $c$3$2QBlzJAD/HaBi3qkXtkZ5aqfSXwq6eVObg==timer realtime-accounting 5user-name-format without-domainnas-ip 192.168.0.20 # radius scheme v5primary authentication 10.0.0.1primary accounting 10.0.0.1key authentication cipher $c$3$gkLbvh+cFPOjtAYvqTzGIpQDlUkUqFTtww==key accounting cipher $c$3$1G2kuCiURMD6ywMsvhnznS3K8KIVYhViRQ==timer realtime-accounting 5user-name-format without-domainnas-ip 10.0.0.100 # radius dynamic-author server client ip 192.168.0.1 key cipher $c$3$ZritD/wSB3Dx8xkoJqDXOuuc0izCVlfsvQ==client ip 10.0.0.1 key cipher $c$3$imaB4mamtOkg0YB8nPzyA6RJ0HJg5htCYA== # domain portalauthorization-attribute idle-cut 600 10240authentication portal radius-scheme portalauthorization portal radius-scheme portalaccounting portal radius-scheme portal # domain system # domain v5authorization-attribute idle-cut 600 10240authentication portal radius-scheme v5authorization portal radius-scheme v5accounting portal radius-scheme v5 #domain default enable system # role name level-0description Predefined level-0 role # role name level-1description Predefined level-1 role # role name level-2description Predefined level-2 role # role name level-3description Predefined level-3 role # role name level-4description Predefined level-4 role # role name level-5description Predefined level-5 role # role name level-6description Predefined level-6 role # role name level-7description Predefined level-7 role # role name level-8description Predefined level-8 role # role name level-9description Predefined level-9 role # role name level-10description Predefined level-10 role # role name level-11description Predefined level-11 role # role name level-12description Predefined level-12 role # role name level-13description Predefined level-13 role # role name level-14description Predefined level-14 role # user-group system # local-user admin class managepassword hash $h$6$V6l15zHsaTdPV4Et$mYd9zqUrfLD/gay4+cnAkQGdlh0BbYKYWgVNgVGR9IL9CwR5ueibOiXVom1E5/ZbZMR7tEHpz2Iil+0tcj3CIw==service-type telnet http httpsauthorization-attribute user-role network-admin # l2tp-group 1 mode laclns-ip 39.108.188.100undo tunnel authentication # l2tp enable #portal nas-port-id format 4portal host-check enableportal free-rule 0 source ip 192.168.0.1 255.255.255.255 destination ip anyportal free-rule 1 source ip any destination ip 192.168.0.1 255.255.255.255portal free-rule 10 source ip 114.114.114.114 255.255.255.255 destination ip anyportal free-rule 11 source ip any destination ip 114.114.114.114 255.255.255.255portal free-rule 12 source ip 118.118.118.9 255.255.255.255 destination ip anyportal free-rule 13 source ip any destination ip 118.118.118.9 255.255.255.255portal free-rule 14 source ip 118.118.118.7 255.255.255.255 destination ip anyportal free-rule 15 source ip any destination ip 118.118.118.7 255.255.255.255portal free-rule 16 source ip 202.98.198.167 255.255.255.255 destination ip anyportal free-rule 17 source ip any destination ip 202.98.198.167 255.255.255.255portal free-rule 18 source ip 202.98.192.67 255.255.255.255 destination ip anyportal free-rule 19 source ip any destination ip 202.98.192.67 255.255.255.255portal free-rule 20 source ip 39.108.188.100 255.255.255.255 destination ip anyportal free-rule 21 source ip any destination ip 39.108.188.100 255.255.255.255 # portal web-server portalurl http://192.168.0.1/html_phone_all/index.htmlserver-detect interval 60 retry 2 trapserver-type cmccurl-parameter basip value 192.168.0.20url-parameter mac source-macurl-parameter url original-urlurl-parameter vlan vlanurl-parameter wlanuserip source-address # portal web-server v5url https://portal.openportal.com.cn/index_chooseserver-type cmccurl-parameter basip value 10.0.0.100url-parameter mac source-macurl-parameter url original-urlurl-parameter vlan vlanurl-parameter wlanuserip source-address # portal server portalip 192.168.0.1 key cipher $c$3$btxt8S1jS5tOQlrl+xVpvuaJFUJJLITTlg==server-detect trapserver-type cmcc # portal server v5ip 10.0.0.1 key cipher $c$3$Tru54pt2cHm4xVo17Vl+bdJ3epbN6GO3Vw==server-type cmcc #ip http enableip https enable # portal mac-trigger-server portalip 192.168.0.1 key cipher $c$3$T6WO1a9vipUaJJbV6jZgkSAFnKnxJTvJEA==server-type cmccbinding-retry 1aaa-fail nobinding enable # portal mac-trigger-server v5ip 10.0.0.1 key cipher $c$3$gT5/4cnmESqMniE2zxUQlu2sKswhntmM7A==server-type cmccbinding-retry 1aaa-fail nobinding enable # wlan global-configuration # wlan ap-group default-groupvlan 1 # return

?OpenPortal對接截圖：

總結

以上是生活随笔為你收集整理的华为 H3C 配置 Portal认证 mac-trigger快速认证 Mac无感知认证 Radius认证计费 对接 外部Portal认证计费系统 案例的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。