本地转发下portal本地认证典型配置

Client连接到AP无线网络，通过portal认证接入网络。

1.首先将AP的本地文本和portal认证http通过FTP服务器上传到AC

108 -rw- 196 Jan 13 2022 09:08:20 test10.txt

45 -rw- 21434 Jan 13 2022 09:08:38 abc.zip

TXT文本内容

system-view

vlan 99

quit

interface GigabitEthernet 1/0/2

port link-type trunk

port trunk permit vlan 99

2.在AC上创建vlan98，并配置IP地址，通过该地址和AP建立CAPWAP隧道

[AC]vlan 98

[AC-vlan98]int vlan 98

[AC-Vlan-interface98]ip add 192.168.98.254 24

3.创建vlan99，并配置IP地址，client通过该vlan获取IP接入无线网络

[AC]vlan 99

[AC-vlan99]int vlan 99

[AC-Vlan-interface99]ip add 192.168.99.254 24

4.配置DHCP地址池

dhcp server ip-pool test

 gateway-list 192.168.98.254

 network 192.168.98.0 mask 255.255.255.0

dhcp server ip-pool test1

 gateway-list 192.168.99.254

 network 192.168.99.0 mask 255.255.255.0

5.创建无线服务模板test2

[AC]wlan service-template test2

[AC-wlan-st-test2]vlan 99

[AC-wlan-st-test2]client forwarding-location ap

6.创建AP

[AC-V7]wlan ap test2 model WA4620i-CAN

[AC-wlan-ap-test2]serial-id 210235A1BRC145XXX105

[AC-wlan-ap-test2]map-configuration test10.txt

[AC-wlan-ap-test2]radio 2

[AC-wlan-ap-test2-radio-2]service-template test2

[AC-wlan-ap-test2]radio 2 enable

7.配置认证域

[WX5540E-V7]domain test2

authorization-attribute idle-cut 15 1024   //设置用户闲置切断时间为15分钟，流量为1024

 authentication portal local

 authorization portal none

 accounting portal none

8.配置portal web服务器和本地portal web服务器

[AC]portal web-server test2

url http://192.168.99.254:8080/portal

 url-parameter wlanuserip source-address   //配置重定向给用户portal web服务器的URL参数

[AC]portal local-web-server http

portal local-web-server http

 default-logon-page abc.zip

9.创建本地portal认证用户名密码

[AC]local-user admin class network

[AC-luser-network-admin]password cipher admin

[AC-luser-network-admin]service-type portal

10.开启无线portal漫游功能

[AC]portal roaming enable

[AC]undo portal refresh arp enable //关闭portal客户端ARP表项固化功能

[AC]portal host-check enable   //开启portal客户端合法性检查

11.在无线服务模板上使能直接方式的portal认证

[ AC ]wlan service-template test

[ AC -wlan-st-test2]portal domain test2

[ AC  -wlan-st-test2]portal apply web-server test2

[ AC  -wlan-st-test2]service-template enable

12.AC连接SW的接口配置trunk模式并允许vlan98, 99通过

[ AC  ]int g1/0/8

Port link-type trunk

Port trunk permit vlan 98 99

13.在SW上进行配置

[SW]vlan 98

[SW-vlan98]vlan 99

[SW-EI]int g1/0/3

Port link-type trunk

Port trunk permit vlan 98 99

[SW]int g1/0/12

port link-type trunk

 port trunk permit vlan 1 98 to 99

 port trunk pvid vlan 98

 poe enable

实验验证

Client通过无线连接进行portal页面认证

认证成功后再AC上查看portal用户信息