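The LTE-FI AP establishes a tunnel with the AC, and portal traffic uses local forwarding.
1. Configure local content caching (broadcast-and-store) and local content updates
2. Configure the local portal
3. Configure GPS upload
AC configuration
Configure the trusted AAA server to receive DM messages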
radius dynamic-author client trusted ip 102.1.1.1
Configure DNS
dns resolve
dns proxy enable
dns server 8.8.8.8
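Configure portal authentication
portal server test-portal ip 101.1.1.1 url http://101.1.1.1:8088/portal/showlogin.do server-type cmcc //local portal authentication requires iMC and the AC to exchange portal packets
Configure free rules to permit traffic that does not require authentication, such as traffic to iMC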
portal free-rule 2 source ip any destination ip 172.19.196.254 mask 255.255.255.255
portal free-rule 4 source interface Bridge-Aggregation1 destination any
portal free-rule 5 source ip any destination ip 100.1.1.1 mask 255.255.255.255
The following free-rules are for the DNS addresses
portal free-rule 6 source ip any destination ip 8.8.8.8 mask 255.255.255.255
portal free-rule 7 source ip any destination ip 211.138.91.2 mask 255.255.255.255
portal free-rule 8 source ip any destination ip 211.138.91.2 mask 255.255.255.255
CMCC requires the device parameters to be provided during authentication
portal device-id 0205.0024.240.00
portal url-param include nas-id
portal url-param include user-mac des-encrypt param-name wlanparameter
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac
portal url-param include user-url
On the AC, portal must be linked with WLAN users
portal host-check wlan
Portal users obtain their user information from the WLAN users
wlan client learn-ipaddr enable
Configure the authentication scheme and domain for portal
radius scheme test-portal
server-type extended
primary authentication 101.1.1.1
primary accounting 101.1.1.1
key authentication cipher $c$3$fhWNk39b8sZN8iK9eZ2eZAwmzzmywI7e97g=
key accounting cipher $c$3$t1Zq41BdQ/6728SWxNzdSgh3haQiF3NaZDU=
user-name-format without-domain
nas-ip 100.1.1.1
retry stop-accounting 10
domain test-portal
authentication portal radius-scheme test-portal
authorization portal radius-scheme test-portal
accounting portal radius-scheme test-portal
access-limit disable
state active
idle-cut disable
self-service-url disable
Create a service template for local portal users
wlan service-template 10 clear
ssid test-portal
bind WLAN-ESS 10
client max-count 100
user-isolation enable
client forwarding-mode local
authentication-mode local
service-template enable
Configure the AP group
wlan ap-group default_group
ap ap1
Configure the users' VLAN interface
interface Vlan-interface1 //configure the user gateway; portal is enabled here to carry the portal exchange between iMC and the AC
description 用户网关
ip address 172.19.196.254 255.255.255.0
dhcp server apply ip-pool gk30
portal server test-portal method direct
portal domain test-portal
portal nas-ip 100.1.1.1
portal forwarding-mode local
Configure the AC's public network address
interface Vlan-interface3322 //public network interface of the AC
description 管理地址
ip address 100.1.1.1 255.255.255.248
tcp mss 1400
nat outbound 2000
Configure the AP template
wlan ap ap1 model LA4320V id 5
description 800公交车
nas-id 1404002424000460
map-configuration 0402ap1.cfg
echo-interval 60
retransmit-count 60
serial-id 219801A0J2M141000200
hybrid-remote-ap enable
client idle-timeout 300
radio 1
service-template 10
radio enable
AP configuration
The following three configurations must first be entered manually on the AP and saved to flash.
Specify the AC
wlan ac ip 100.1.1.1
Configure the CE interface
interface Cellular-Ethernet1/0/1
link-delay 180
ip address cellular-allocated
tcp mss 1400
dialer enable-circular
dialer-group 1
dialer timer idle 0
dialer timer wait-carrier 20
dialer timer autodial 10
dialer number *99# autodial
nat outbound
gps mode standalone
gps nmea
Configure the default route
ip route-static 0.0.0.0 0.0.0.0 Cellular-Ethernet1/0/1
Configure the interface used for GPS probing
network mode probe Cellular-Ethernet1/0/1
Configure DNS
dns resolve
dns proxy enable
dns server 8.8.8.8
Configure portal. Here portal is used mainly for redirection: any unauthenticated user is redirected to the local home page.
portal server testap ip 101.1.1.1 port 2000 url http://192.168.3.1/usba0:/html/html/index.html server-type cmcc
Configure the portal free-rules
portal free-rule 1 source ip any destination ip 100.1.1.1 mask 255.255.255.255
portal free-rule 3 source ip any destination ip 172.19.196.254 mask 255.255.255.255
portal free-rule 5 source ip any destination ip 101.1.1.1 mask 255.255.255.255
portal free-rule 15 source ip any destination ip 192.168.3.1 mask 255.255.255.255
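An added example, not part of the original configuration: every free-rule is a path that bypasses portal authentication, so the list is worth auditing. This Python sketch parses the AC free-rules shown earlier on this page and flags any rule that exempts more than a single host, plus duplicate rules; the function names are chosen for this example, and the same check can be run on the AP free-rules just above.

```python
import ipaddress
import re

# AC free-rules copied from this page's AC configuration.
AC_RULES = """\
portal free-rule 2 source ip any destination ip 172.19.196.254 mask 255.255.255.255
portal free-rule 4 source interface Bridge-Aggregation1 destination any
portal free-rule 5 source ip any destination ip 100.1.1.1 mask 255.255.255.255
portal free-rule 6 source ip any destination ip 8.8.8.8 mask 255.255.255.255
portal free-rule 7 source ip any destination ip 211.138.91.2 mask 255.255.255.255
portal free-rule 8 source ip any destination ip 211.138.91.2 mask 255.255.255.255
"""

RULE = re.compile(r"^portal free-rule (\d+) source (.+?) destination (.+)$")
DEST = re.compile(r"^ip (\S+) mask (\S+)$")


def parse_free_rules(text):
    """Return (number, source, destination) tuples; destination is an
    ip_network, or None when it is not 'ip A mask M' (e.g. 'any')."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        d = DEST.match(m.group(3))
        net = ipaddress.ip_network(f"{d.group(1)}/{d.group(2)}", strict=False) if d else None
        rules.append((int(m.group(1)), m.group(2), net))
    return rules


def audit(rules):
    """Flag rules that exempt more than one host, and duplicate rules."""
    findings, seen = [], {}
    for num, src, net in rules:
        if net is None:
            findings.append((num, f"all destinations bypass the portal for source {src}"))
        elif net.num_addresses > 1:
            findings.append((num, f"{net} exempts {net.num_addresses} addresses"))
        if (src, net) in seen:
            findings.append((num, f"duplicate of rule {seen[(src, net)]}"))
        seen.setdefault((src, net), num)
    return findings


if __name__ == "__main__":
    for num, msg in audit(parse_free_rules(AC_RULES)):
        print(f"free-rule {num}: {msg}")
```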
Configure the parameters that portal sends
portal device-id 0205.0024.240.00
portal url-param include nas-id
portal url-param include user-mac param-name wlanparameter
portal url-param include nas-ip param-name wlanacip
portal url-param include ap-mac param-name wlanapmac
portal url-param include user-url param-name wlanuserfirsturl
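Until authentication succeeds, users always land on the local home page; after they click "Log in to public network", this web page is pushed for portal authentication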
portal user-url http://211.13.1.1 redirect-url http://101.1.1.1:8088/portal/showlogin.do
Configure the log upload policy; the log records which users accessed which local pages
ip http log-file timer aging 3
ip http log-file upload server 221.180.150.8 port 9021 username report password cipher $c$3$yexOnd+aQUyIHxaoZRM8NVzQjn6mu9+TtLvcNMlD interval 10
Configure the GPS update policy
ip http gps upload server 221.180.144.234/httpServer interval 5 //??? will hang
Local content update policy
schedule update ftp username down
schedule update ftp password cipher $c$3$5Cuk1N8mP/3OAkpVCZaNSqL+91RUnS7qZBNytCY=
schedule update work-directory usba0:/html/html/
schedule update server 221.180.150.8 port 9021
schedule update source-interface Cellular-Ethernet1/0/1
schedule update peak-time from 00:00:59 to 04:59:59 delay 10 threads 5
schedule update off-peak-time from 05:00:59 to 23:59:59 delay 10 threads 5 interval 30
Limit the bandwidth of local content updates according to the current network mode (3G/4G) of the CE interface
traffic classifier 4g operator and
if-match cellular 4g
traffic classifier 3g operator and
if-match cellular 3g
traffic behavior 4g
car cir 10000 cbs 625000 ebs 0 green pass red discard
traffic behavior 3g
car cir 100 cbs 6250 ebs 0 green pass red discard
qos policy testqos
classifier 3g behavior 3g
classifier 4g behavior 4g
Assign addresses to local users
dhcp server ip-pool testdhcp extended
network ip range 192.168.3.1 192.168.3.200
network mask 255.255.255.0
gateway-list 192.168.3.1
dns-list 192.168.3.1
expired day 0 hour 1
Configure the local portal interface
interface Vlan-interface1
ip address 192.168.3.1 255.255.255.0
dhcp server apply ip-pool testdhcp
portal server testap method direct
portal nas-ip 100.1.1.1
web-redirect track link-status interface Cellular-Ethernet1/0/1
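Because of how the product is deployed, an LTE-FI device usually has no wired uplink and uses the 4G network instead. Before an LA4320V is deployed, the following three items must therefore be preconfigured; once they are configured, verify that the device dials up successfully with the SIM card inserted and can ping the external network before installing it. Skipping this preconfiguration greatly increases later maintenance work.
The configuration is as follows:
Specify the AC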
wlan ac ip 100.1.1.1
Configure dial-up on the CE interface
interface Cellular-Ethernet1/0/1
link-delay 180
ip address cellular-allocated
tcp mss 1400
dialer enable-circular
dialer-group 1
dialer timer idle 0
dialer timer wait-carrier 20
dialer timer autodial 10
dialer number *99# autodial
nat outbound
gps mode standalone
gps nmea
Configure the default route
ip route-static 0.0.0.0 0.0.0.0 Cellular-Ethernet1/0/1