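Configuring local Portal authentication with different authentication pages for different SSIDs on WX series ACs
I. Networking requirements:
WX series AC, FIT AP, switch, laptop (with a wireless NIC installed)
II. Network diagram:
On the WX AC, the VLAN 1 address is 192.168.0.254 and the VLAN 2 address is 192.168.1.254.
The WA2220X-AG belongs to VLAN 1, and the wireless clients belong to VLAN 2.
The AC used in this configuration example is an H3C WX5000 series wireless switch.
III. Feature description:
This feature extends the Portal feature and simplifies Portal deployment: no separate Portal Server needs to be deployed, different login pages can be served for multiple network segments, and each page can be bound to an SSID, which greatly enriches the Portal module.
Application scenario: a customer deploying Portal services wants the Portal authentication page to be their own custom page, wants users on different network segments to use different login pages bound to SSIDs, and does not want to use the device's built-in Web page.
IV. Configuration: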
#
 sysname AC
#
 domain default enable system
#
 telnet server enable
#
 port-security enable
#
 portal server local ip 192.168.0.254
 portal free-rule 0 source interface GigabitEthernet1/0/1 destination any
 portal local-server http
 portal local-server bind ssid portal1 file http.zip
#
vlan 1
#
vlan 2 to 3
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.0.0 mask 255.255.255.0
 gateway-list 192.168.0.254
 dns-list 20.20.20.1
#
dhcp server ip-pool 2
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.254
#
dhcp server ip-pool 3
 network 192.168.2.0 mask 255.255.255.0
 gateway-list 192.168.2.254
#
user-group system
#
local-user admin
 password simple admin
 authorization-attribute level 3
 service-type telnet
local-user portal
 password simple portal
 service-type portal
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan radio-policy 1
 client max-count 4
#
wlan service-template 1 clear
 ssid portal1
 bind WLAN-ESS 1
 service-template enable
#
wlan service-template 2 clear
 ssid portal2
 bind WLAN-ESS 2
 service-template enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.254 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.1.254 255.255.255.0
 portal server local method direct
#
interface Vlan-interface3
 ip address 192.168.2.254 255.255.255.0
 portal server local method direct
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface M-Ethernet1/0/1
#
interface WLAN-ESS1
 port access vlan 2
#
interface WLAN-ESS2
 port access vlan 3
#
wlan ap a model WA2220X-AG
 serial-id 210235A29G007C000010
 radio 1
 radio 2
  service-template 1
  service-template 2
  radio enable
#
 dhcp enable
#
 load xml-configuration
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
return
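V. Main configuration steps:
# Prepare the Portal customization package: create a folder named portal in the AC Flash
mkdir portal
# Use dir to view information about the files created in Flash
# View the current contents of the portal folder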
cd portal
dir
# Upload the customized Portal file http.zip to flash:/portal
tftp 192.168.1.1 get http.zip
# Configure the user for local Portal authentication
[AC]local-user portal
[AC-luser-portal]service-type portal
[AC-luser-portal]password simple portal
# Configure the wireless service templates
[AC]wlan service-template 1 clear
[AC-wlan-st-1]ssid portal1
[AC-wlan-st-1]bind WLAN-ESS 1
[AC-wlan-st-1]service-template enable
[AC-wlan-st-1]quit
[AC]wlan service-template 2 clear
[AC-wlan-st-2]ssid portal2
[AC-wlan-st-2]bind WLAN-ESS 2
[AC-wlan-st-2]service-template enable
[AC-wlan-st-2]quit
# Configure the wireless interfaces and add them to the VLANs on which Portal is enabled
[AC]interface WLAN-ESS 1
[AC-WLAN-ESS1] port access vlan 2
[AC-WLAN-ESS1]quit
[AC]interface WLAN-ESS 2
[AC-WLAN-ESS2] port access vlan 3
[AC-WLAN-ESS2]quit
# Bind the wireless service templates on the AC
[AC-wlan-ap-a]serial-id 210235A29G007C000010
[AC-wlan-ap-a]radio 2
[AC-wlan-ap-a-radio-2]service-template 1
[AC-wlan-ap-a-radio-2]service-template 2
[AC-wlan-ap-a-radio-2]radio enable
[AC-wlan-ap-a-radio-2]quit
# Configure the Portal Server and the free rule, and bind the SSID "portal1" to the uploaded http.zip file (the SSID "portal2" uses the default Web page)
[AC]portal server local ip 192.168.0.254
[AC]portal free-rule 0 source interface GigabitEthernet1/0/1 destination any
[AC]portal local-server http
[AC]portal local-server bind ssid portal1 file http.zip
# Enable Portal authentication on the corresponding VLAN interfaces
[AC]interface Vlan-interface 2
[AC-Vlan-interface2]ip address 192.168.1.254 255.255.255.0
[AC-Vlan-interface2]portal server local method direct
[AC-Vlan-interface2]quit
[AC]interface Vlan-interface 3
[AC-Vlan-interface3]ip address 192.168.2.254 255.255.255.0
[AC-Vlan-interface3]portal server local method direct
[AC-Vlan-interface3]quit
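VI. Verification:
# Connect the STA to the SSID "portal1" and enter any IP address directly in IE on the STA; the customized HTTP authentication page is pushed.
The authentication page is as follows:
1. Enter the username and password; login succeeds.
2. The Portal logout success page is pushed.
# Connect the STA to the SSID "portal2" and enter any IP address directly in IE on the STA; the device's default HTTP authentication page is pushed.
The authentication page is as follows:
1. Enter the username and password; login succeeds.
2. The Portal logout success page is pushed.
Use display portal user interface Vlan-interface to view information about the Portal-authenticated users connected through the different SSIDs (which belong to different network segments).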
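An added example, not part of the original page or of H3C's tooling: a small Python audit that reads a configuration in the format shown above, resolves which VLAN and login page each SSID ends up with, and lists the cleartext-related settings it finds (password simple, telnet, the HTTP login page). The sample text is a constructed excerpt of this page's configuration, and the function name audit is an assumption.

```python
import re
# Constructed excerpt of the configuration on this page, with one-space indentation.
SAMPLE = """\
telnet server enable
portal local-server http
portal local-server bind ssid portal1 file http.zip
local-user portal
 password simple portal
wlan service-template 1 clear
 ssid portal1
 bind WLAN-ESS 1
wlan service-template 2 clear
 ssid portal2
 bind WLAN-ESS 2
interface Vlan-interface2
 portal server local method direct
interface Vlan-interface3
 portal server local method direct
interface WLAN-ESS1
 port access vlan 2
interface WLAN-ESS2
 port access vlan 3
"""

def audit(config):
    """Return ({ssid: {vlan, portal, page}}, findings) for a Comware-style config."""
    ssid_ess, ess_vlan, portal_vlans, pages, findings = {}, {}, set(), {}, []
    ctx, ssid = "", None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#" or re.match(r"(wlan service-template|interface|local-user) ", line):
            ctx, ssid = line, None  # new section: remember its header line
        elif m := re.fullmatch(r"ssid (\S+)", line):
            ssid = m[1]
        elif (m := re.fullmatch(r"bind WLAN-ESS (\d+)", line)) and ssid:
            ssid_ess[ssid] = m[1]
        elif (m := re.fullmatch(r"port access vlan (\d+)", line)) and ctx.startswith("interface WLAN-ESS"):
            ess_vlan[ctx.split("WLAN-ESS")[1].strip()] = m[1]
        elif line.startswith("portal server local method") and "Vlan-interface" in ctx:
            portal_vlans.add(ctx.split("Vlan-interface")[1].strip())
        elif m := re.fullmatch(r"portal local-server bind ssid (\S+) file (\S+)", line):
            pages[m[1]] = m[2]
        elif line in ("portal local-server http", "telnet server enable"):
            findings.append(f"cleartext service: {line}")
        elif line.startswith("password simple") and ctx.startswith("local-user "):
            findings.append(f"{ctx}: password stored in cleartext")
    table = {s: {"vlan": ess_vlan.get(e), "portal": ess_vlan.get(e) in portal_vlans,
                 "page": pages.get(s, "device default")} for s, e in ssid_ess.items()}
    return table, findings
```

An SSID whose row shows "portal": False or "vlan": None is one whose clients would reach the network without passing the login page, which is the mismatch worth checking after editing service templates or VLAN interfaces.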