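WX Series: Typical Configuration for Wireless PPPoE Remote Authentication
In this configuration example, a WX5004 is used as the wireless controller (AC), running version R3507P14. The AC acts as the gateway for the APs (vlan-interface1: 192.168.1.254/24) and is configured as a DHCP server to assign IP addresses to the APs. The AC also acts as the gateway for the STAs (vlan-interface10: 192.168.10.254/24) and is configured as a DHCP server to assign IP addresses to the STAs. The switch supplies PoE power to the APs.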
#
version 5.20, Release 2308P10
#
sysname WX5004
#
ftp server enable
#
domain default enable system
#
telnet server enable
#
port-security enable
#Management VLAN
vlan 1
#Service VLAN
vlan 10
#VLAN for the server interconnect
vlan 100
#Configure the RADIUS scheme; server IP address: 10.153.43.100, key: wcq
radius scheme pppoe
server-type extended
primary authentication 10.153.43.100
primary accounting 10.153.43.100
key authentication cipher wcq
key accounting cipher wcq
user-name-format without-domain
nas-ip 10.153.43.157
#Configuration of the pppoe domain
domain pppoe
authentication ppp radius-scheme pppoe
authorization ppp radius-scheme pppoe
accounting ppp radius-scheme pppoe
access-limit disable
state active
idle-cut disable
self-service-url disable
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#Address pool for AP registration
dhcp server ip-pool pool-ap
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.254
#Address pool for wireless clients
dhcp server ip-pool pool-sta
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$rebkKGCV78uZ2NnmpbWYHdWKy/tQIlx3
authorization-attribute level 3
service-type portal
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#Configure the wireless service template
wlan service-template 1 clear
ssid h3c-www
bind WLAN-ESS 1
service-template enable
#Configure the virtual template
interface Virtual-Template1
ppp authentication-mode chap domain pppoe
ppp ipcp dns 202.106.0.20
remote address pool pool-sta
ip address 192.168.10.254 255.255.255.0
#Bind the PPPoE virtual interface to VLAN 10
interface Vlan-interface10
pppoe-server bind Virtual-Template 1
#The Layer 3 VLAN interface that connects to the server has IP address 10.153.43.157
interface Vlan-interface100
ip address 10.153.43.157 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 100
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/4
#
interface WLAN-ESS1
port access vlan 10
#
nqa entry imclinktopologypleaseignore ping
type icmp-echo
destination ip 10.153.43.254
frequency 270000
#
wlan ap ap1 model WA1208E-GP-H20 id 1
serial-id C4CA-D90A-1520
radio 1
max-power 10
service-template 1
radio enable
#
ip route-static 0.0.0.0 0.0.0.0 10.153.43.100
#
undo info-center logfile enable
#
snmp-agent
snmp-agent local-engineid 800063A2033CE5A684342E
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.153.43.100 params securityname public v2c
#
dhcp enable
#
nqa schedule imclinktopologypleaseignore ping start-time now
① Configure the virtual template
interface Virtual-Template1
#Authenticate the peer device with CHAP, using the specified domain pppoe
ppp authentication-mode chap domain pppoe
#Configure the DNS server
ppp ipcp dns 202.106.0.20
#Assign client IP addresses from the address pool pool-sta
remote address pool pool-sta
#The IP address of the virtual template interface is 192.168.10.254/24
ip address 192.168.10.254 255.255.255.0
#Bind the PPPoE virtual interface to VLAN 10
interface Vlan-interface10
pppoe-server bind Virtual-Template 1
wlan service-template 1 clear
ssid h3c-www
bind WLAN-ESS 1
service-template enable
wlan ap ap1 model WA1208E-GP-H20 id 1
serial-id C4CA-D90A-1520
radio 1
max-power 10
service-template 1
radio enable
radius scheme pppoe
server-type extended
primary authentication 10.153.43.100
primary accounting 10.153.43.100
key authentication cipher wcq
key accounting cipher wcq
user-name-format without-domain
nas-ip 10.153.43.157
#Configuration of the pppoe domain
domain pppoe
authentication ppp radius-scheme pppoe
authorization ppp radius-scheme pppoe
accounting ppp radius-scheme pppoe
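For the IMC-side configuration, refer to "Typical Configuration for Remote Portal Authentication with WX Series AC and the IMC v7 Platform".
Connect to the SSID "h3c-www", create a new PPPoE dial-up connection on the PC with user name wuchengqi and password wcq, and the client authenticates and connects successfully.
1. Before PPPoE authentication, the client cannot ping the server 10.153.43.100.
2. After successful authentication, the client can ping the server 10.153.43.100.
3. View the details of the network the PC is connected to. IP address obtained by the PC: 192.168.10.4; DNS server address: 202.106.0.20.
4. View the client information.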
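A hardening check for the complete configuration listed above, as an added example that is not part of the original page or of H3C's tooling: it scans a Comware-style configuration line by line and flags the lab-grade settings in this example that should not carry over to production (Telnet and FTP management, default SNMP communities and v1/v2c, a short RADIUS shared key, a `clear` service template that leaves the PPPoE session unencrypted over the air, and a trunk that permits every VLAN). The sample input is a constructed excerpt of that configuration; the function name `audit_comware`, the rule table and the 16-character key threshold are assumptions.

```python
import re

# Constructed excerpt of the configuration shown on this page.
SAMPLE = """\
ftp server enable
telnet server enable
radius scheme pppoe
 key authentication cipher wcq
 key accounting cipher wcq
wlan service-template 1 clear
interface GigabitEthernet1/0/3
 port trunk permit vlan all
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
"""

MIN_KEY_LEN = 16  # assumed policy threshold, not an H3C requirement

# Hypothetical rule table: (rule id, regex for one stripped line, finding text).
RULES = [
    ("telnet", r"^telnet server enable$", "cleartext Telnet management; use SSH"),
    ("ftp", r"^ftp server enable$", "cleartext FTP server; use SFTP"),
    ("snmp-community", r"^snmp-agent community \S+ (public|private)$", "default SNMP community"),
    ("snmp-version", r"^snmp-agent sys-info version .*\b(all|v1|v2c)\b", "SNMP v1/v2c enabled; use v3"),
    ("open-ssid", r"^wlan service-template \d+ clear$", "SSID has no link-layer encryption"),
    ("trunk-all", r"^port trunk permit vlan all$", "trunk permits every VLAN"),
]
KEY_RE = re.compile(r"^key (authentication|accounting) (?:cipher |simple )?(\S+)$")


def audit_comware(config):
    """Return (line_number, rule_id, message) for every weak setting found."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        for rule_id, pattern, message in RULES:
            if re.search(pattern, line):
                findings.append((lineno, rule_id, message))
        m = KEY_RE.match(line)
        # A stored ciphertext is long, so this only catches keys shown as typed.
        if m and len(m.group(2)) < MIN_KEY_LEN:
            findings.append((lineno, "radius-key", f"{m.group(1)} key under {MIN_KEY_LEN} chars"))
    return findings


if __name__ == "__main__":
    for lineno, rule_id, message in audit_comware(SAMPLE):
        print(f"line {lineno}: [{rule_id}] {message}")
```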