v7本地转发加集中认证Portal问题
- 0关注
- 1收藏,2484浏览
问题描述:
WX5510E升级为V7做本地转发加集中认证,现在可以弹出认证页面,但显示向设备发送请求超时,控制器去掉portal认证可以正常上网,麻烦大侠们帮忙看看配置,另外我想一个SSID多个VLAN是不是在控制器AP中进行绑定就可以,另外如何做HTTPS重定向。
控制器配置:
[AC]disp cur
#
version 7.1.064, Release 5221
#
sysname AC
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
irf auto-merge enable
irf member 1 priority 1
#
password-recovery enable
#
vlan 1
#
vlan 182
#
irf-port 1
#
wlan service-template 1
ssid h3c
vlan 182
client forwarding-location ap
portal enable method direct
portal domain dm1
portal bas-ip 192.168.82.200
portal apply web-server newpt
service-template enable
#
wlan service-template 2
ssid ceshi
vlan 70
client forwarding-location ap
service-template enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.252 255.255.255.0
#
interface Vlan-interface182
ip address 192.168.82.200 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
ip route-static 0.0.0.0 0 192.168.1.254
#
undo info-center logfile enable
#
snmp-agent
snmp-agent local-engineid 800063A28094282E0001D000000001
snmp-agent community read rzgrea
snmp-agent community write rzgwr
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.1.251 params securityname rzgrea v2c
#
radius session-control enable
#
radius scheme rs1
primary authentication 192.168.1.251
primary accounting 192.168.1.251
key authentication cipher $c$3$m7hLCu9ujJs41d94AV3aanjSqMRpiw==
key accounting cipher $c$3$2r5wtRWd+cAZ9Yt2iuylEh2D7BC+bg==
user-name-format without-domain
#
domain dm1
authorization-attribute idle-cut 15 1024
authentication portal radius-scheme rs1
authorization portal radius-scheme rs1
accounting portal radius-scheme rs1
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
user-group system
#
ftp server enable
#
portal host-check enable
portal free-rule 1 source ip any destination ip 192.168.0.0 255.255.0.0
portal free-rule 2 source ip any destination ip 129.0.0.0 255.255.255.0
portal free-rule 3 source ip any destination ip 202.102.152.3 255.255.255.255
portal free-rule 6 source interface Bridge-Aggregation1
#
portal web-server newpt
url http://192.168.1.251:8080/portal
server-type cmcc
url-parameter ssid ssid
url-parameter wlanacname value ac
url-parameter wlanuserip source-address
#
portal server newpt
ip 192.168.1.251 key cipher $c$3$uy+/Inv2RP5Vr79J76LS/gKlKXefxg==
server-type cmcc
#
ip http enable
ip https enable
#
wlan global-configuration
#
wlan ap-group default-group
vlan 1
#
wlan ap ceshi-1 model WA2620-AGN-S
serial-id 219801A0H6914AQ02283
map-configuration cfa0:/apcfg.txt
radio 1
radio enable
service-template 1 vlan 182
radio 2
radio enable
service-template 1 vlan 182
return
核心配置:
int VLAN 182
ip add 192.168.82.254 24
然后这个VLAN 起DHCP分配客户端地址
int vlan 181
ip add 192.168.81.254
这个VLAN起dhcp利用OPTION43注册到控制器
int vlan 1
ip add 192.168.1.254 24
IMC配置:
组网及组网描述:
- 2018-07-20提问
- 举报
-
(0)
最佳答案
我觉得你在radius scheme里面加个nas ip就可以了;V7 AC默认支持https重定向不需要特殊配置,配置参考如下:
http://download.h3c.com.cn/download.do?id=3475738
- 2018-07-20回答
- 评论(4)
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
看你配置的 IMC上添加的接入设备是80.200这个地址啊,radius 的nas ip必须是和iMC写的接入设备IP地址要一样才可以