某局点V7的WX5500H控制器实现一次认证双栈放行典型配置案例

某局点客户内网只有IPv4的portal server以及radius服务器，但是内网终端有IPv4和IPv6的网段。客户希望实现IPv4的portal认证业务通过，即可实现IPv6的用户也认证通过，最终实现“一次认证，双栈放行”的效果。

 1、   配置IPv4 portal server服务器

[ACl]portal server portalv4

[AC-portal-server-portalv4]ip 192.168.1.3 key simple h3c

2、配置IPv4 portal web-server服务器

[AC-portal-websvr-webv4]portal web-server webv4

[AC-portal-websvr-webv4]url http://192.168.1.3:8080/portal

[AC-portal-websvr-webv4]server-type cmcc  //配置服务类型

3、下面的内容按需配置

[AC-portal-websvr-webv4]url-parameter ssid ssid

[AC-portal-websvr-webv4]url-parameter wlanacname value AC

[AC-portal-websvr-webv4]url-parameter wlanuserip source-address

4、配置DAE功能

[AC] radius dynamic-author server

[AC-radius-da-server] client ip 192.168.1.3 key simple h3c

5、配置radius服务器

[AC]radius scheme portalv4

[AC-radius-portalv4] primary authentication 192.168.1.3

[AC-radius-portalv4] primary accounting 192.168.1.3

[AC-radius-portalv4] key authentication cipher $c$3$8yxJaSm769ehgj67FOCFJWFEV/vQdpxA

[AC-radius-portalv4] key accounting cipher $c$3$Mn2HDuwB+EtgZn5Mv9ZStFY+Qr7SfiR+

[AC-radius-portalv4] user-name-format without-domain

[AC-radius-portalv4] nas-ip 5.5.5.5

6、配置domian域

[AC]domain portalv4

[AC-isp-portalv4] authorization-attribute idle-cut 15 1024

[AC-isp-portav4l] authentication portal radius-scheme portalv4

[AC-isp-portalv4] authorization portal radius-scheme portalv4

[AC-isp-portalv4] accounting portal radius-scheme portalv4

7、配置无线服务模板并且开启IPv4和IPv6的portal认证功能

[AC] wlan service-template 2

[AC-wlan-st-2]ssid portal

[AC-wlan-st-2]vlan 2

[AC-wlan-st-2]portal enable method direct   //IPv4的 portal认证功能

[AC-wlan-st-2]portal domain portalv4

[AC-wlan-st-2]portal apply web-server webv4  //调用IPv4的 portal服务器

[AC-wlan-st-2]portal bas-ip 192.168.0.100

[AC-wlan-st-2]portal dual-stack enable //开启一次认证，双栈放行

[AC-wlan-st-2]service-template enable