Integrating the H3C-WX2510H with the OpenPortal network access authentication and billing system: MAC fast authentication + Portal authentication


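Introduction:

The OpenPortal network access authentication and billing system combines a Portal protocol authentication system with a RADIUS AAA authentication, accounting and authorization system. It supports the CMCC V1 and V2 protocol standards, Huawei Portal protocol V1 and V2, and the RADIUS standards RFC 2865 and RFC 2866. It supports MAC-first fast authentication and transparent (user-unaware) authentication based on the CMCC-standard mac-trigger protocol and on standard MAC auth, and it can push a range of access policies such as rate limits, ACLs and ip-pool assignment.

It supports username/password authentication, SMS authentication, DingTalk authorization, WeChat authentication, WeChat official-account authentication, quiz authentication, video-countdown authentication, face-recognition authentication, visitor QR-code authorization, combined LDAP/AD domain authentication, extension authentication through third-party OA systems, and other authentication modes. It also supports secondary proxy dial-up authentication, user self-registration, and self-service payment through Alipay or WeChat for a billing plan the user selects.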

For details, join QQ group 119688084, or contact QQ/WeChat: 25901875

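Requirements:

Given an existing wired and wireless network built from assorted brand-name and off-brand equipment, rework the network at minimum cost so that it supports a Portal-authenticated access mode in which MAC fast authentication takes priority.

Bring in the very attractive H3C-WX2510H controller as a multi-service access gateway; choose the specific model according to your own number of users.

The H3C-WX2510H can act as the egress gateway for PPPoE dial-up or leased-line connections, supports L2TP for building a VPN (for deployments where the authentication and billing service runs in the cloud), and supports MAC fast, transparent authentication over the mac-trigger protocol together with the Portal protocol.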

The topology is as follows:

[Image 1: network topology diagram]

Device configuration:

[H3C-WX2510H]dis cur 
#
 version 7.1.064, Release 5226
#
 sysname H3C-WX2510H
#
 telnet server enable
#
 dhcp enable
#
 password-recovery enable
#
vlan 1
#
vlan 100
#
vlan 200
#
vlan 300
#
dhcp server ip-pool lan
 gateway-list 192.168.10.1
 network 192.168.10.0 mask 255.255.255.0
 dns-list 114.114.114.114 8.8.8.8
 forbidden-ip 192.168.10.1
 forbidden-ip 192.168.10.10
#
dhcp server ip-pool wlan
 gateway-list 172.16.0.1
 network 172.16.0.0 mask 255.255.255.0
 dns-list 114.114.114.114 8.8.8.8
 forbidden-ip 172.16.0.1
 forbidden-ip 172.16.0.10
#
interface NULL0
#
interface Vlan-interface100
 ip address dhcp-alloc
 nat outbound
 undo dhcp select server
#
interface Vlan-interface200
 ip address 172.16.0.1 255.255.255.0
 dhcp server apply ip-pool wlan
 portal enable method direct
 portal domain portal
 portal bas-ip 192.168.10.1
 portal apply web-server portal
 portal apply mac-trigger-server portal
 portal outbound-filter enable
#
interface Vlan-interface300
 ip address 192.168.10.1 255.255.255.0
 dhcp server apply ip-pool lan
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 300
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 200
 poe enable    
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 100
#
 scheduler logfile size 16
#
line class console
 user-role network-admin
#
line class vty
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 31
 authentication-mode scheme
 user-role network-operator
#
 undo info-center logfile enable
#
 radius session-control enable
#
radius scheme portal
 primary authentication 192.168.10.10
 primary accounting 192.168.10.10
 key authentication cipher $c$3$De1ugz33CW5QlT3ePSVbIEjq7HGVMOeFbw==
 key accounting cipher $c$3$XK267tGaoBesgFjlS4j3jPV6gmAjMuW9/w==
 timer realtime-accounting 5
 user-name-format without-domain
 nas-ip 192.168.10.1
#
radius dynamic-author server 
 client ip 192.168.10.10 key cipher $c$3$0n+PybswB5i2lFyTMcxl/0QI3DPep1p1Cg==
#
domain portal
 authorization-attribute idle-cut 600 10240
 authentication portal radius-scheme portal
 authorization portal radius-scheme portal
 accounting portal radius-scheme portal
#
domain system
#
 domain default enable system
#              
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$nbriu0HPMsFsLmp2$bbsSbj0+ohrhZfas8qeXTSg9iZvVEuPHjQdUN896BzeKhbt4R3W0jejeQO8n+lvQowVbH2jLLS/TzDvHDrdpjA==
 service-type telnet http https
 authorization-attribute user-role network-admin
#
 portal nas-port-id format 4
 portal host-check enable
 portal free-rule 0 source ip 192.168.10.10 255.255.255.255 destination ip any
 portal free-rule 1 source ip any destination ip 192.168.10.10 255.255.255.255
 portal free-rule 2 source ip 172.16.0.1 255.255.255.255 destination ip any
 portal free-rule 3 source ip any destination ip 172.16.0.1 255.255.255.255
 portal free-rule 4 source ip 172.16.0.10 255.255.255.255 destination ip any
 portal free-rule 5 source ip any destination ip 172.16.0.10 255.255.255.255
 portal free-rule 10 source ip 114.114.114.114 255.255.255.255 destination ip any
 portal free-rule 11 source ip any destination ip 114.114.114.114 255.255.255.255
 portal free-rule 12 source ip 8.8.8.8 255.255.255.255 destination ip any
 portal free-rule 13 source ip any destination ip 8.8.8.8 255.255.255.255
#
portal web-server portal
 url http://192.168.10.10
 server-type cmcc
 url-parameter basip value 192.168.10.1
 url-parameter mac source-mac
 url-parameter url original-url
 url-parameter vlan vlan
 url-parameter wlanuserip source-address
#
portal server portal
 ip 192.168.10.10 key cipher $c$3$m3+fMyRYhKD8NHD6x+m4WIP1D4fQ7ZgSRw==
 server-type cmcc
#
 ip http enable
 ip https enable
#
portal mac-trigger-server portal
 ip 192.168.10.10 key cipher $c$3$5QU0xgzExFYbgdjriMIy7148QKSzsOacwQ==
 server-type cmcc
 binding-retry 1
 aaa-fail nobinding enable
#
wlan global-configuration
#
wlan ap-group default-group
 vlan 1
#              
return
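
The configuration above leaves Telnet and HTTP management enabled, points the portal web-server at an http:// URL, and turns the local log file off. As an added example (not part of the original post or of OpenPortal), this Python script scans `dis cur` output for those lines and reports the section each one sits in; the rule names and the `audit` helper are assumptions made for illustration.

```python
import re

# Constructed excerpt: lines copied from the configuration shown above.
SAMPLE = """\
 telnet server enable
#
 undo info-center logfile enable
#
local-user admin class manage
 service-type telnet http https
#
portal web-server portal
 url http://192.168.10.10
#
 ip http enable
#
"""

# (rule id, regex for the stripped line, why a reviewer should look at it)
RULES = [
    ("telnet-server", r"^telnet server enable$",
     "admin logins cross the network in cleartext"),
    ("logfile-disabled", r"^undo info-center logfile enable$",
     "no local log file is kept for incident review"),
    ("cleartext-service", r"^service-type\b.*\b(telnet|http)\b",
     "local user may log in over an unencrypted service"),
    ("http-enabled", r"^ip http enable$",
     "web management is reachable without TLS"),
    ("portal-http", r"^url http://",
     "portal page and submitted passwords travel unencrypted"),
]

def audit(config_text):
    """Return (line_no, section, rule_id, reason) for each matched rule."""
    findings, section = [], "(global)"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "#":                    # '#' closes the current section
            section = "(global)"
        elif line and not raw.startswith(" "):
            section = line                 # unindented line opens a section
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((no, section, rule_id, reason))
    return findings

if __name__ == "__main__":
    for no, section, rule_id, reason in audit(SAMPLE):
        print(f"line {no} [{section}] {rule_id}: {reason}")
```
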

OpenPortal integration screenshots:

[Images 2 to 13: OpenPortal configuration screenshots]

 
