第三方PORTAL认证系统对接华为AC6605实现无线WiFi微信认证、短信认证和访客认证

第三方PORTAL认证系统对接华为AC6605实现无线WiFi微信认证、短信认证和访客认证

[对接配置参考文章](https://www.cdefe.com/20190224/cid=219.html)

1、网络开局配置:先完成基础网络配置,并确认在未配置portal认证的情况下,用户连上无线后能正常上网。
2、portal服务器部署:确认在未开启认证的情况下,用户和AC都能与portal服务器正常互访。
3、外部第三方PORTAL认证系统配置参考:
第三方PORTAL认证系统对接华为AC6605实现无线WiFi微信认证、短信认证和访客认证_第1张图片
第三方PORTAL认证系统对接华为AC6605实现无线WiFi微信认证、短信认证和访客认证_第2张图片
第三方PORTAL认证系统对接华为AC6605实现无线WiFi微信认证、短信认证和访客认证_第3张图片

4、AC6605命令配置参考

# Saved configuration exported from the AC; the bracketed tag below is the software version string.
[V200R006C10SPC200]
#
# NOTE(review): FTP carries logins and file contents in cleartext. The only FTP-capable
# account in this dump ("ac", in the aaa section) has privilege level 15 and
# ftp-directory flash:/. Enable FTP only for the duration of a transfer, or use SFTP
# over the SSH service instead.
 ftp server enable
#
# Web management: loads the web page package from flash, binds the HTTPS service to the
# SSL policy "default_policy", and enables the HTTP service.
# NOTE(review): default_policy references "pki realm default", which is self-signed in
# this dump, so browsers cannot verify the AC's identity. Confirm whether plain-HTTP
# logins are still accepted on this release, and limit web management to a trusted subnet.
 http server load flash:/AC6605V200R006C10SP200.001.web.zip 
 http secure-server ssl-policy default_policy
 http server enable
#
# Creates VLANs 100, 210, 220, 230 and 505 in one command.
vlan batch 100 210 220 230 505
#
# Authentication profiles. Only portal_authen_profile carries settings in this dump: it
# binds portal access profile "x", free-rule template "x", AAA authentication and
# accounting scheme "cx", and RADIUS template "x". The dot1x, mac and macportal
# profiles are declared with no sub-commands.
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
 portal-access-profile x
 free-rule-template x
 authentication-scheme cx
 accounting-scheme cx
 radius-server x
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
# Portal protocol version used towards the external portal server.
# NOTE(review): "portal captive-bypass enable" presumably suppresses the automatic
# captive-portal pop-up on some terminals so the user opens a browser manually - confirm
# against the product documentation for this release.
web-auth-server version v2
portal captive-bypass enable
#
# NOTE(review): these two commands presumably keep the management port and management
# plane separated from service traffic - confirm. The in-band address on Vlanif100 is
# still reachable from the service network in this dump (see free-rule template "x").
management-port isolate enable
management-plane isolate enable
#
diffserv domain default
#
# RADIUS template "x": authentication on 10.0.100.241:1812 and accounting on
# 10.0.100.241:1813, both with weight 80. "undo radius-server user-name domain-included"
# makes the AC send user names without the domain part.
# NOTE(review): the shared key below is the device's stored ciphertext published verbatim.
# It uses the "cipher" keyword rather than the "irreversible-cipher" keyword used for the
# local users, so it is presumably a recoverable encoding. Treat the key as disclosed:
# replace it with a placeholder before publishing a configuration, and set a new key on
# both the AC and the RADIUS server.
radius-server template default
radius-server template x
 radius-server shared-key cipher %^%#+CGj+f)QK>;T9-,7MyQ2v]4-HufNiFQmJ{=j@(CN%^%#
 radius-server authentication 10.0.100.241 1812 weight 80
 radius-server accounting 10.0.100.241 1813 weight 80
 undo radius-server user-name domain-included
#
# NOTE(review): the default PKI realm enrols a self-signed certificate, and the SSL
# policy used by the HTTPS management service points at it. Administrators cannot
# authenticate the AC unless the certificate is pinned. A CA-issued certificate is
# preferable for production.
pki realm default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
#
free-rule-template name default_free_rule
#
# Free-rule template "x": destinations reachable before the user has authenticated.
# Rule 1 is the portal/RADIUS server address used elsewhere in this dump.
# NOTE(review): rule 0 (61.139.2.69) is presumably a DNS resolver - confirm.
# NOTE(review): rule 2 is the AC's own Vlanif100 address (10.0.100.71). The rule matches
# on destination IP only, so unauthenticated clients can reach every service the AC
# exposes on that address (this dump enables FTP, HTTP/HTTPS, telnet and SSH) unless an
# ACL restricts them. Narrow this rule, or filter management access by source address.
free-rule-template name x
 free-rule 0 destination ip 61.139.2.69 mask 255.255.255.255
 free-rule 1 destination ip 10.0.100.241 mask 255.255.255.255
 free-rule 2 destination ip 10.0.100.71 mask 255.255.255.255
#
# Redirect URL template: clients are sent to the portal page with the AC IP, AP MAC,
# user IP and user MAC appended as query parameters. MAC addresses are formatted with
# ":" as the delimiter.
# NOTE(review): the portal URL is plain http://, so the login page and anything typed
# into it (SMS codes, guest credentials) cross the WLAN unencrypted if the SSID is
# open. Serve the portal over HTTPS with a certificate clients trust.
url-template name urlTemplate_0
 url http://10.0.100.241/
 url-parameter ac-ip basip ap-mac apmac user-ipaddress wlanuserip user-mac mac
 url-parameter mac-address format delimiter : normal
#
# External portal server "x" at 10.0.100.241, port 50100, using the URL template above.
# NOTE(review): the portal shared key is published as stored ciphertext ("cipher"
# keyword). Treat it as disclosed and rotate it on both the AC and the portal server.
web-auth-server x
 server-ip 10.0.100.241
 port 50100
 shared-key cipher %^%#~N!0*`gx[A|JRCC~'6C13nIj7F!~&CQNGZ,q9.{;%^%#
 url-template urlTemplate_0
#
portal-access-profile name portal_access_profile
#
# Portal access profile "x" binds web-auth-server "x" in "direct" mode.
portal-access-profile name x
 web-auth-server x direct
#
# AAA: scheme "cx" sends both authentication and accounting to RADIUS. It is the scheme
# referenced by portal_authen_profile.
# NOTE(review): four local accounts are defined and every one is privilege level 15:
#   ac    - FTP only, rooted at flash:/ (can read and replace system files over cleartext FTP)
#   bbb   - HTTP (web management)
#   sudo  - telnet, SSH and HTTP, with idle-timeout 99 0 and access-limit 999
#   admin - SSH and HTTP, with idle-timeout 3500 0
# The idle-timeout arguments are presumably minutes then seconds - confirm. If so, an
# unattended admin session stays open for roughly 58 hours.
# Review points: keep a single named admin per person, give the file-transfer account
# the lowest level that works, drop the telnet service type, and shorten the idle
# timeouts and the access-limit.
# NOTE(review): the irreversible-cipher values are password hashes published verbatim.
# Hashes can be guessed offline, so reset these passwords on any device that used this
# dump, and redact the values before sharing a configuration.
aaa
 authentication-scheme default
 authentication-scheme radius
 authentication-scheme cx
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 accounting-scheme cx
  accounting-mode radius
 domain default
 domain default_admin
 local-user ac password irreversible-cipher %^%#tj0RQ|9j=LOc>SQa/lVCpIyNTED@`MG~53P#_9KXbFIqEo3bF&$vMgP@yJ#/%^%#
 local-user ac privilege level 15
 local-user ac ftp-directory flash:/
 local-user ac service-type ftp
 local-user bbb password irreversible-cipher %^%#*VxZ-QiH$G&e^*3[|wt.E_1;V~%K^L>0x[4pg@,7}8:MB:a$q16/3C+7ZS@J%^%#
 local-user bbb privilege level 15
 local-user bbb service-type http
 local-user sudo password irreversible-cipher %^%#%S-%Tv$v2>v+3KB7m,7E>pcqWzE3OQB8_M>]`.K1P_JoT-S'(~VI!$YEQ3G/%^%# idle-timeout 99 0 access-limit 999
 local-user sudo privilege level 15
 local-user sudo service-type telnet ssh http
 local-user admin password irreversible-cipher %^%#].@0"~G+z~GoW>>>w,XMt$`\+caLrW"z:v97~rTN#cb7Esd*[&bD;'XjphBU%^%# idle-timeout 3500 0
 local-user admin privilege level 15
 local-user admin service-type ssh http
#
# Layer-3 interfaces. Vlanif100 (10.0.100.71/24) sits in the same subnet as the
# portal/RADIUS server 10.0.100.241 and the default gateway 10.0.100.1. Vlanif230 is
# the CAPWAP source interface (see "capwap source interface vlanif230").
# NOTE(review): 172.60.0.0/23 on Vlanif230 lies outside the RFC 1918 private range
# 172.16.0.0/12, so it overlaps publicly routable space. Renumber into private space
# if this subnet ever needs to reach the Internet.
interface Vlanif1
#
interface Vlanif100
 ip address 10.0.100.71 255.255.255.0
#
interface Vlanif230
 ip address 172.60.1.253 255.255.254.0
#
interface Vlanif505
#
interface MEth0/0/1
 ip address 169.254.1.1 255.255.0.0
#
# NOTE(review): GE0/0/1 is an access port with no VLAN assigned, so it presumably stays
# in the default VLAN - confirm that this is intended.
interface GigabitEthernet0/0/1
 port link-type access
#
interface GigabitEthernet0/0/2
#
# NOTE(review): this trunk passes VLANs 2-4094, although only 100, 210, 220, 230 and 505
# are created in this dump. Limiting allow-pass to the VLANs actually needed keeps an
# upstream misconfiguration from leaking other VLANs to the AC.
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
# GE0/0/4 is a trunk with no allow-pass list configured.
interface GigabitEthernet0/0/4
 port link-type trunk
#
# GE0/0/5 to GE0/0/23 and both XGE ports carry no configuration. Unused ports are not
# shut down in this dump.
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
# GE0/0/24 is set to fiber media with auto-negotiation disabled.
interface GigabitEthernet0/0/24
 port media type fiber
   undo negotiation auto
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
# Log timestamps use the date format.
 info-center timestamp log format-date
#
# The SNMP agent is disabled.
 undo snmp-agent 
#
# SSH (stelnet) login is enabled. Only the IPv6 telnet server is disabled here. IPv4
# telnet is still the inbound protocol on vty 0 4 in this dump.
# NOTE(review): the algorithm lists below still offer aes256_cbc, aes128, 3des and the
# sha1, sha1_96, md5 and md5_96 HMACs alongside the stronger choices. Unless a legacy
# client requires them, reduce the lists to the strong entries already present, e.g.
# "ssh server secure-algorithms cipher aes256_ctr aes128_ctr" and
# "ssh server secure-algorithms hmac sha2_256", and do the same for the client side.
 stelnet server enable 
 undo telnet ipv6 server enable 
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
# Default route via 10.0.100.1 (the Vlanif100 subnet).
ip route-static 0.0.0.0 0.0.0.0 10.0.100.1
#
# APs reach the AC over CAPWAP on the Vlanif230 address.
capwap source interface vlanif230
#
# Console: password-only authentication.
# NOTE(review): both line passwords below are published as stored ciphertext ("cipher"
# keyword). Treat them as disclosed and change them on any device built from this dump.
user-interface con 0
 authentication-mode password
 set authentication password cipher %^%#&C8eMS)+m:2jl5~0*jC>9+7hI#\&0'\K6Y"\wHh@fOvqFYt2qRt6mC#B!,HV%^%#
# NOTE(review): vty 0 4 accepts telnet only, authenticates with one shared password and
# grants privilege level 15. Remote administration is therefore cleartext, has no
# per-user accountability, and gives full control to anyone who knows that password.
# Prefer "authentication-mode aaa" with "protocol inbound ssh", and restrict the source
# addresses allowed to open a VTY session. Because this range allows telnet only, SSH
# logins presumably land on vty 16 20 - confirm.
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher %^%#d;O5#3{>C&d6c]Hz%H4(4IS)%oZQ(/9HL;5(1%;6rI_/WM!DVGB[/x%JC(`H%^%#
 protocol inbound telnet
# vty 16 20 accepts every inbound protocol. No authentication-mode line is shown for
# this range in the dump.
user-interface vty 16 20
 protocol inbound all
#
wlan
 traffic-profile name default
 security-profile name default
 security-profile name default-wds
  security wpa2 psk pass-phrase %^%#Nxt(2I--JV&D]OI
