Author: interest QQ: 25901875 E-Mail:[email protected]
The software is based on huawei AC/BAS PORTAL server program of the agreement, the Java code, open source,
The latest source code download address: https://github.com/lishuocool
Contains the OpenPortal ToughRadius three sets of AC simulator code
New installation configuration instructions:
1. First of all guarantee for JDK1.7 environment
2. Unzip the path without Chinese and space
3. The configuration file shows \ webapps \ ROOT \ config properties
Bas_ip=192.168.0.2//AC equipment IP address
Bas_port=2000//AC equipment communication port/without modifying the
Portal_port=50100//PORTAL service listening on port/without modifying the
SharedSecret=interest//Shared key
AuthType=0//0 chap 1 pap authentication type
TimeoutSec=3//timeout 3 seconds [without modifying]
PortalVer=1//PORTAL protocol version
4. Configuration Radius, AC equipment installation and configuration service
If you use AC simulator to simulate test can ignore the
5. Run run [OpenPortal server] shortcut Linux environment, all is superior need not I said
6. The browser http://server IP
6. If you use AC simulator test user name password random if real environment (don't I talk nonsense)
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Recommend ToughRADIUS server easily open source to use specific installation configuration see http://forum.toughradius.net
Have huawei S5700 switches as an example, the configuration information:
Switch configuration
the following configuration stepsStep 1
Create a VLAN and configuration interface allows VLAN, ensure network unobstructed,
# to create VLAN10 and VLAN20,
[SWITCH] vlan batch 10 20
# configuration switches connected to the uplink network interface E0/0/1 for the Access type interface, and to add 0/1 GE0/
VLAN20,
[SWITCH] interface Ethernet0/0/1
The SWITCH - Ethernet0/.two survivors port link -type access
The SWITCH - Ethernet0/.two survivors port default vlan 20
The SWITCH - Ethernet0/.two survivors quit
# configuration switches connect the RADIUS and portalServer interface E0/.two survivors for the Access type interface, and
Adding GE0/.two survivors VLAN20,
[SWITCH] interface Ethernet0/.two survivors
The SWITCH - Ethernet0/.two survivors port link -type access
The SWITCH - Ethernet0/.two survivors port default vlan 20
The SWITCH - Ethernet0/.two survivors quit
# VLANIF10 and VLANIF20, to create and configure the IP address of the VLANIF, to the user terminal, a Switch,
Enterprise Intranet resources to set up routing, between here assumes that the IP address of the VLANIF10 192.168.10.20/24;
VLANIF20 IP address for 192.168.20.29/24,
[SWITCH] interface vlanif 10
[SWITCH - Vlanif10] IP address 192.168.10.20 24//10.1
[SWITCH] interface vlanif 20
[SWITCH - Vlanif20] IP address 192.168.0.1 24//0.1
[the SWITCH - Vlanif20] quit
Step 2
Create and configure the RADIUS server templates, AAA and authentication domain,
# to create and configure the RADIUS server template "rd1,"
[SWITCH] radius - server template rd1
[SWITCH - the radius - rd1] radius - server authentication 192.168.0.2 1812
[the SWITCH - the radius - rd1] the radius server - accounting 192.168.0.2 1813
[the SWITCH - the radius - rd1] the radius server Shared - key simple interest
[the SWITCH - the radius - rd1] radius - server retransmit 2
[the SWITCH - the radius - rd1] quit
# to create AAA scheme "ABC" and configure the authentication for the RADIUS,
[SWITCH] aaa
/SWITCH - aaa authentication scheme - ABC
ABC] [SWITCH - aaa - authen - authentication mode radius
-ABC] [SWITCH - aaa - authen - quit
[the SWITCH - aaa] accounting - scheme acc
ABC] [SWITCH - aaa - acc - accounting - mode radius
ABC] [SWITCH - aaa - acc - quit
# to create the authentication domain "leeson.org", and on the binding AAA scheme "ABC" and the RADIUS server template "rd1,"
[the SWITCH - aaa] domain leeson.org
[the SWITCH - aaa - domain - isp1] authentication scheme - ABC
[the SWITCH - aaa - domain - isp1] accounting - scheme acc
[the SWITCH - aaa - domain - isp1] the radius server - rd1
[the SWITCH - aaa - domain - isp1] quit
[the SWITCH - aaa] quit
# configure global the default domain for the "leeson.org", a user to access authentication, in the format "[email protected]" lose
Enter the user name can be in XXX. XXX domain under the aaa authentication, if don't carry the domain name of the user name or carry the domain name
Does not exist, the user will be in the default domain authentication,
[SWITCH] domain leeson.org
Step 3
Configure external Portal certification
# to create and configure the name is "ABC" Portal server templates,
[SWITCH] web auth - server ABC
[the SWITCH - web - auth - server - ABC] server - IP 192.168.0.2
[the SWITCH - web - auth - server - ABC] port 50100
[the SWITCH - web - auth - server - ABC] Shared - key cipher interest
[the SWITCH - web - auth - server - ABC] url http://192.168.0.2
[the SWITCH - web - auth - server - ABC] quit
# can make Portal authentication function,
[SWITCH] interface vlanif 10
[the SWITCH - Vlanif10] web auth - server ABC direct
[the SWITCH - Vlanif10] quit
Step 4
Check the configuration of the parameters of the Portal server information,
# execute commands display web auth - server configuration view the Portal server related
Configuration information,
Listening port: 2000
Portal: version 1 and version 2
Include the reply message: enabled
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
- Web - auth - server Name: ABC
IP address: 192.168.20.30
Shared - key: % $% $] ${c $) Bp! XFdN> G2DBG (T# wn % $% $
The Port/PortFlag: 50100/NO
URL: http://192.168.0.2
Bounded Vlanif: 10
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
1 Web authentication server (s) in total
Step 5
Add a default route on switch: IP route - static 0.0.0.0 0.0.0.0 192.168.0.1
Which is suitable for switches uplink port gateway address 192.168.0.1
Step 6
Configure the portal white list
Portal free - rule zero destination IP 192.168.0.1 mask 255.255.255.255
Portal free - rule 1 destination IP 192.168.0.2 mask 255.255.255.255
Portal free - rule 2 destination IP XXX. XXX, XXX, XXX mask 255.255.255.255
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull