深信服对接IP:10.1.1.2
H3C无线控制器对接IP:10.1.1.1
上网网段:vlan1 10.1.1.0/24
interface Vlan-interface1
destination 设备管理
ip address 10.1.1.1 255.255.255.0
#
wlan service-template office
ssid office
client-security authentication-mode mac
client-security ignore-authentication
mac-authentication domain mac
portal enable method direct
portal domain portal
portal bas-ip 10.1.1.1 /无线控制器管理IP
portal apply web-server portal
service-template enable
#
radius session-control enable
#
radius scheme portal
primary authentication 10.1.1.2
primary accounting 10.1.1.2
key authentication simple 123123123
key accounting simple 123123123
user-name-format without-domain
nas-ip 10.1.1.1 /无线控制器管理IP
#
radius dynamic-author server
client ip 10.1.1.2 key simple 123123123
#
domain mac
authorization-attribute idle-cut 11520 1024
authentication lan-access radius-scheme portal
authorization lan-access radius-scheme portal
accounting lan-access radius-scheme portal
#
domain portal
authorization-attribute idle-cut 15 1024
authentication portal radius-scheme portal
authorization portal radius-scheme portal
accounting portal none
#
portal host-check enable
portal free-rule 1 destination ip any udp 53 /dns端口放白名单,触发dns解析才能正常弹窗
portal free-rule 2 destination ip any tcp 53 /dns端口放白名单,触发dns解析才能正常弹窗
portal free-rule 3 destination ip any tcp 5223 /苹果弹窗会用到5223端口
#
portal web-server portal
url
http://10.1.1.2/cid/6197/portal.html
#
portal server portal
ip 10.1.1.2 key simple 123123123
#
wlan ap ap001 model WAK522
radio 1
radio enable
service-template office
radio 2
radio enable
service-template office
#
snmp-agent
snmp-agent community read qddsr
snmp-agent sys-info version v2c
查看用户上线状态:
第一次上线查看portal认证用户
dis portal user ip x.x.x.x
第二次上线通过mac无感知上线
dis mac-authentication connection
楼主
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
发表于 2024-9-12 02:54
技术员3级 
