04-H3C vBRAS IPoE Web NAT Traversal Typical Configuration Examples-5W100
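Typical Configuration Example: IPoE Web Support for NAT Traversal on the H3C vBRAS Series Virtual Broadband Remote Access Server
Copyright © 2018 New H3C Technologies Co., Ltd. All rights reserved. No part of this document may be excerpted, reproduced, or transmitted in any form without the prior written consent of New H3C Technologies Co., Ltd. The information in this document is subject to change without notice.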
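This document provides a typical configuration example of the IPoE Web NAT feature on the H3C vBRAS series virtual routers. Unlike H3C's earlier physical router series, the H3C vBRAS virtual router is a pure-software router that runs in a virtual machine on a standard server. NAT creates address mappings when connections are established between the internal network and the external network, so that IPoE Web users on the internal network can access the external network.
· This document does not correspond strictly to specific software or hardware versions. If what you see during use differs from the actual product, refer to the relevant product manuals or treat the actual device behavior as authoritative.
· All configuration in this document was performed and verified in a lab environment, and all device parameters were at their factory defaults before configuration. If you have already configured the device, make sure that the existing configuration does not conflict with the configuration in the following example.
· This document assumes that you are familiar with ACL, QoS, policy-based routing, AAA, NAT, and related features.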
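As shown in Figure 1:
· The host acts as a DHCP client and accesses the vBRAS in IPoE mode over a VXLAN network.
· The vBRAS acts as the DHCP server and dynamically assigns IP addresses to the host.
· The RADIUS server is reachable from the vBRAS by routing through a switch.
· A public network server with H3C iMC installed serves as both the Portal authentication server and the Portal Web server.
Figure 1 Network diagram for the IPoE Web NAT typical configuration example
Configure IPoE Web authentication on the device. On top of the IPoE Web configuration, configure a failover group and a NAT address group. Match user traffic with an ACL and enable the backup and statistics functions for NAT sessions on the device. Finally, configure the private address type in the pre-authentication domain and enable NAT on the interface.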
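This example was configured and verified on vBRAS1000_H3C-CMW710-E1116-X64.
IPoE Web authentication configuration and Portal authentication configuration partly interfere with each other. It is recommended not to configure both on the same interface.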
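(1) In the navigation tree, click [Access Policy Management/Portal Service Management/Server Configuration] to open the server configuration page.
(2) Configure the Portal home page (the default settings are sufficient), and click <OK> to finish.
Figure 2 Server configuration page
(1) In the navigation tree, click [Access Policy Management/Portal Service Management/IP Address Group Configuration] to open the IP address group configuration page.
(2) Click <Add> to open the page for adding an IP address group.
(3) Enter the IP address group name, enter the start address 11.0.0.2 and the end address 11.0.255.254, and select NAT as the type. Use the default settings for the other parameters. The IP addresses of user hosts must fall within this IP address group, and the translated addresses configured on the device must fall within the translation address range.
(4) Click <OK> to finish.
Figure 3 Add IP address group page
(1) In the navigation tree, click [Access Policy Management/Portal Service Management/Device Configuration] to open the device configuration page.
(2) Click <Add> to open the page for adding device information.
(3) Enter the device name and the IP address 100.100.1.3, which is the IP address of the device interface connected to the access users. Enter the key 123456 and select "Direct" as the networking mode. Use the default settings for the other parameters.
(4) Click <OK> to finish.
Figure 4 Add device information page
(1) In the navigation tree, click [Access Policy Management/Portal Service Management/Device Configuration] to open the device configuration page.
(2) In the device list, click the port group information management icon to open the port group information configuration page.
(3) Click <Add> to open the page for adding port group information.
(4) Configure the port group parameters, and click <OK> to finish.
Figure 5 Add port group information page
(5) Enter the port group name and select the IP address group. The IP address that a user uses to access the network must belong to the selected IP address group. Use the default settings for the other parameters.
(6) Click <OK> to finish.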
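# Configure IPoE Web authentication (details omitted).
# Create a failover group and add nodes to it, with slot 1 as the primary node and slot 2 as the secondary node.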
[vBRAS] failover group 1
[vBRAS-failover-group-1] bind slot 1 primary
[vBRAS-failover-group-1] bind slot 2 secondary
[vBRAS-failover-group-1] quit
# Create a redundancy group, and add member interfaces and the failover group to it.
[vBRAS] redundancy group A_Wifi
[vBRAS-redundancy-group-A_Wifi] member interface Reth2
[vBRAS-redundancy-group-A_Wifi] member interface Reth3
[vBRAS-redundancy-group-A_Wifi] member failover group 1
# In redundancy group A_Wifi, create redundancy group node 1 and bind it to the primary board so that it becomes the primary node.
[vBRAS-redundancy-group-A_Wifi] node 1
[vBRAS-redundancy-group-A_Wifi-node-1] bind slot 1
[vBRAS-redundancy-group-A_Wifi-node-1] priority 100
[vBRAS-redundancy-group-A_Wifi-node-1] track 1 interface ten-gigabitethernet 1/5/0
[vBRAS-redundancy-group-A_Wifi-node-1] track 2 interface ten-gigabitethernet 1/6/0
[vBRAS-redundancy-group-A_Wifi-node-1] quit
# In redundancy group A_Wifi, create redundancy group node 2 and bind it to the standby board so that it becomes the secondary node.
[vBRAS-redundancy-group-A_Wifi] node 2
[vBRAS-redundancy-group-A_Wifi-node-2] bind slot 2
[vBRAS-redundancy-group-A_Wifi-node-2] track 3 interface ten-gigabitethernet 2/5/0
[vBRAS-redundancy-group-A_Wifi-node-2] track 4 interface ten-gigabitethernet 2/6/0
[vBRAS-redundancy-group-A_Wifi-node-2] quit
[vBRAS-redundancy-group-A_Wifi] quit
# Create a NAT address group, bind it to the failover group, set the port range and the port block size, and add the NAT translation address members.
[vBRAS] nat address-group 1
[vBRAS-address-group-1] failover-group 1
[vBRAS-address-group-1] port-range 1000 65535
[vBRAS-address-group-1] port-block block-size 200
[vBRAS-address-group-1] address 211.9.83.1 211.9.83.254
[vBRAS-address-group-1] quit
# Configure an ACL to match the source IP addresses to be translated.
[vBRAS] acl advanced 3000
[vBRAS-acl-ipv4-adv-3000] rule 0 permit ip source 11.0.0.0 0.0.255.255
[vBRAS-acl-ipv4-adv-3000] quit
# Specify the failover group that processes the traffic matching the permit rules of the specified ACL.
[vBRAS] session service-location acl 3000 failover-group 1
# Enable the session statistics function; NAT dynamic port block backup is enabled by the command that follows it.
[vBRAS] session statistics enable
# Enable NAT port block backup.
[vBRAS] nat port-block synchronization enable
# Set the address type of the pre-authentication domain to private IPv4, and add the user's private IP address to the URL parameters.
[vBRAS] domain name a-wifi_pre
[vBRAS-a-wifi_pre] user-address-type private-ipv4
[vBRAS-a-wifi_pre] web-server url-parameter userip source-address
[vBRAS-a-wifi_pre] quit
# Create Ethernet redundant interface 3 and configure outbound dynamic address translation on it.
[vBRAS] interface reth 3
[vBRAS-Reth3] nat outbound 3000 address-group 1
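A sanity check on the address plan configured above, written for this page as an added example (it is not H3C code). It verifies that ACL 3000 covers the DHCP pool range and compares the number of port blocks in the NAT address group with the pool size, once for the block size 200 used in this step and once for the block size 1000 that appears in the configuration file at the end of the page. Assumptions: each online private address holds one port block, each public address yields floor(ports / block size) blocks, and extended blocks are ignored; the function names are hypothetical.

```python
import ipaddress

def acl_network(address, wildcard):
    """Turn a Comware ACL 'address wildcard' pair into a network.
    Only contiguous wildcards (the usual case) are accepted."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard: %s" % wildcard)
    prefix = 32 - wc.bit_length()
    return ipaddress.ip_network("%s/%d" % (address, prefix), strict=False)

def span(first, last):
    """Number of addresses in an inclusive first..last range."""
    return int(ipaddress.IPv4Address(last)) - int(ipaddress.IPv4Address(first)) + 1

def check_plan(acl, pool, nat_addrs, port_range, block_size):
    """Compare the NAT address group with the subscriber pool it serves."""
    net = acl_network(*acl)
    # Both ends inside a contiguous network means the whole range is inside.
    covered = all(ipaddress.IPv4Address(a) in net for a in pool)
    # Assumption: whole blocks only, leftover ports at the end are unused.
    blocks_per_ip = (port_range[1] - port_range[0] + 1) // block_size
    total_blocks = blocks_per_ip * span(*nat_addrs)
    return {
        "acl_covers_pool": covered,
        "blocks_per_public_ip": blocks_per_ip,
        "total_blocks": total_blocks,
        "pool_size": span(*pool),
        # True when more subscribers can be online than blocks exist.
        "oversubscribed": span(*pool) > total_blocks,
    }

# Values taken from the page.
ACL = ("11.0.0.0", "0.0.255.255")        # rule 0 of acl advanced 3000
POOL = ("11.0.0.2", "11.0.255.254")      # DHCP pool / iMC IP address group
NAT = ("211.9.83.1", "211.9.83.254")     # nat address-group 1
PORTS = (1000, 65535)                    # port-range

if __name__ == "__main__":
    for size in (200, 1000):
        print(size, check_plan(ACL, POOL, NAT, PORTS, size))
```

With block size 1000 the address group holds fewer blocks than the pool has addresses, so port block exhaustion is possible when the pool fills up.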
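# View the user state on the vBRAS. The user is in the pre-authentication domain, and the detailed information includes the assigned private IP address, the translated public IP address, and the port block.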
<vBRAS> display ip subscriber session verbose
Basic:
Description : -
Username : admin
Domain : a-wifi_pre
VPN instance : N/A
IP address : 11.0.89.53
User address type : private-ipv4
MAC address : 000c-2956-4dcc
Service-VLAN/Customer-VLAN : -/-
Access interface : Vsi1
User ID : 0x38200186
VPI/VCI(for ATM) : -/-
VSI Index : 0
VSI link ID : 83886080
VXLAN ID : 1002
DNS servers : 27.27.27.200
IPv6 DNS servers : N/A
DHCP lease : 86400 sec
DHCP remain lease : N/A
Access time : Apr 2 15:10:32 2018
Online time(hh:mm:ss) : 00:00:26
Service node : Slot 1 CPU 0
Authentication type : Web pre-auth
IPv4 access type : DHCP
IPv4 detect state : N/A
State : Online
AAA:
ITA policy name : N/A
IP pool : a-wifi_pre
IPv6 pool : N/A
Primary DNS server : N/A
Secondary DNS server : N/A
Primary IPv6 DNS server : N/A
Secondary IPv6 DNS server : N/A
Session idle cut : N/A
Session duration : 111 sec, remaining: N/A
Traffic quota : N/A
Traffic remained : N/A
Acct start-fail action : Online
Acct update-fail action : Online
Acct quota-out action : Offline
Dual-stack accounting mode : Merge
Max IPv4 multicast addresses: 4
IPv4 multicast address list : N/A
Max IPv6 multicast addresses: 4
IPv6 multicast address list : N/A
Accounting start time : Apr 2 15:10:32 2018
Redirect URL : http://28.28.28.100:8080/portal
QoS:
User profile : N/A
Session group profile : N/A
User group ACL : a-wifi (active)
Inbound CAR : N/A
Outbound CAR : N/A
Inbound user priority : N/A
Outbound user priority : N/A
NAT:
Global IP address : 211.9.86.224
Port block : 10000-10999
Flow statistic:
Uplink packets/bytes : 15/780
Downlink packets/bytes : 0/0
IPv6 uplink packets/bytes : 0/0
IPv6 downlink packets/bytes : 0/0
# View the dynamic port block entries created for the user.
<vBRAS>display nat port-block dynamic
Slot 1:
Local VPN Local IP Global IP Port block Connections Extend
--- 11.0.89.53 211.9.86.224 11000-11999 1 ---
Total mappings found: 1
Slot 2:
Local VPN Local IP Global IP Port block Connections Extend
--- 11.0.89.53 211.9.86.224 11000-11999 1 ---
Total mappings found: 1
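The port block table is what ties a public address and source port back to a subscriber, so it is worth parsing rather than reading by eye. The following added example (not part of the original document and not H3C code) parses the output shown above, resolves a public IP and port to the private IP, and reports mappings that differ between the two slots, which would indicate that port block backup is out of sync. The function names are hypothetical.

```python
import ipaddress
import re

# Output of "display nat port-block dynamic" exactly as shown above.
SAMPLE = """\
Slot 1:
Local VPN Local IP Global IP Port block Connections Extend
--- 11.0.89.53 211.9.86.224 11000-11999 1 ---
Total mappings found: 1
Slot 2:
Local VPN Local IP Global IP Port block Connections Extend
--- 11.0.89.53 211.9.86.224 11000-11999 1 ---
Total mappings found: 1
"""

ROW = re.compile(
    r"^(?P<vpn>\S+)\s+(?P<local>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<glob>\d+\.\d+\.\d+\.\d+)\s+(?P<lo>\d+)-(?P<hi>\d+)\s+(?P<conn>\d+)"
)

def parse_port_blocks(text):
    """Return {slot number: [mapping, ...]} from the command output."""
    tables, slot = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^Slot (\d+):", line)
        if m:
            slot = int(m.group(1))
            tables[slot] = []
            continue
        m = ROW.match(line)  # header and "Total mappings" lines do not match
        if m and slot is not None:
            tables[slot].append({
                "vpn": None if m["vpn"] == "---" else m["vpn"],
                "local_ip": ipaddress.ip_address(m["local"]),
                "global_ip": ipaddress.ip_address(m["glob"]),
                "ports": range(int(m["lo"]), int(m["hi"]) + 1),
            })
    return tables

def resolve(tables, global_ip, port, slot=1):
    """Map a public (IP, source port) pair to the private IP, or None."""
    gip = ipaddress.ip_address(global_ip)
    hits = [r["local_ip"] for r in tables.get(slot, [])
            if r["global_ip"] == gip and port in r["ports"]]
    if len(hits) > 1:
        raise ValueError("overlapping port blocks for %s:%d" % (gip, port))
    return str(hits[0]) if hits else None

def unsynced(tables, primary=1, standby=2):
    """Mappings present on only one of the two slots."""
    def key(r):
        return (r["vpn"], r["local_ip"], r["global_ip"],
                r["ports"].start, r["ports"].stop)
    a = {key(r) for r in tables.get(primary, [])}
    b = {key(r) for r in tables.get(standby, [])}
    return a ^ b

if __name__ == "__main__":
    t = parse_port_blocks(SAMPLE)
    print(resolve(t, "211.9.86.224", 11500), unsynced(t))
```

Dynamic mappings change as users go online and offline, so an attribution is only valid for the time at which the table was captured.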
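# Log in to the Web interface and enter any IP address. The request is redirected to the iMC Portal login page, as shown in the following figure.
Figure 6 iMC Portal login page
# After the user passes authentication, run the following command to view the detailed information, which includes the assigned private IP address, the translated public IP address, and the port block.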
<vBRAS>display ip subscriber session verbose
Basic:
Description : -
Username : admin
Domain : a-wifi
VPN instance : N/A
IP address : 11.0.89.53
User address type : private-ipv4
MAC address : 000c-2956-4dcc
Service-VLAN/Customer-VLAN : -/-
Access interface : Vsi1
User ID : 0x38200188
VPI/VCI(for ATM) : -/-
VSI Index : 0
VSI link ID : 83886080
VXLAN ID : 1002
DNS servers : 27.27.27.200
IPv6 DNS servers : N/A
DHCP lease : 86400 sec
DHCP remain lease : N/A
Access time : Apr 2 15:14:27 2018
Online time(hh:mm:ss) : 00:00:08
Service node : Slot 1 CPU 0
Authentication type : Web
IPv4 access type : DHCP
IPv4 detect state : N/A
State : Online
AAA:
ITA policy name : N/A
IP pool : a-wifi_pre
IPv6 pool : N/A
Primary DNS server : N/A
Secondary DNS server : N/A
Primary IPv6 DNS server : N/A
Secondary IPv6 DNS server : N/A
Session idle cut : 60 sec, 10240 bytes, direction:Both
Session duration : 86400 sec, remaining: N/A
Traffic quota : N/A
Traffic remained : N/A
Acct start-fail action : Online
Acct update-fail action : Online
Acct quota-out action : Offline
Dual-stack accounting mode : Merge
Max IPv4 multicast addresses: 4
IPv4 multicast address list : N/A
Max IPv6 multicast addresses: 4
IPv6 multicast address list : N/A
Accounting start time : Apr 2 15:16:10 2018
QoS:
User profile : N/A
Session group profile : N/A
User group ACL : N/A
Inbound CAR : N/A
Outbound CAR : N/A
Inbound user priority : N/A
Outbound user priority : N/A
NAT:
Global IP address : 211.9.86.224
Port block : 12000-12999
Flow statistic:
Uplink packets/bytes : 2683/139706
Downlink packets/bytes : 0/0
IPv6 uplink packets/bytes : 0/0
IPv6 downlink packets/bytes : 0/0
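# Enter the username admin and the password 123456. A message indicates that the user has come online successfully, and the IPoE session shows that the user is online.
Figure 7 User online success page
The vBRAS configuration file is as follows: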
#
sysname vBRAS
#
failover group 1
bind slot 1 primary
bind slot 2 secondary
#
telnet server enable
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
irf domain 1016231237
irf member 1 priority 32
irf member 2 priority 31
#
router id 100.100.1.2
#
track 1 interface Ten-GigabitEthernet1/5/0
#
track 2 interface Ten-GigabitEthernet1/6/0
#
track 3 interface Ten-GigabitEthernet2/5/0
#
track 4 interface Ten-GigabitEthernet2/6/0
#
isis 100
cost-style wide
network-entity 04.5090.0100.0100.0100.0088.00
#
address-family ipv4 unicast
#
mpls lsr-id 100.100.1.2
#
ppp flow-statistics frequency fast
#
ip fast-forwarding aging-time 60
#
dhcp enable
dhcp relay client-information record
#
lldp global enable
#
ip subscriber timer traffic 30000
#
flow-interval 60
#
password-recovery enable
#
vlan 1
#
irf-port 1
port group interface GigabitEthernet1/3/0 type data
port group interface GigabitEthernet1/4/0 type control
#
irf-port 2
port group interface GigabitEthernet2/3/0 type data
port group interface GigabitEthernet2/4/0 type control
#
traffic classifier 31 operator and
if-match acl 3899
#
traffic classifier a-wifi_deny operator and
if-match acl 3528
#
traffic classifier a-wifi_http operator and
if-match acl 3526
#
traffic classifier a-wifi_https operator and
if-match acl 3527
#
traffic classifier a-wifi_out operator and
if-match acl 3529
#
traffic classifier a-wifi_permit operator and
if-match acl 3525
#
traffic classifier tetong operator and
if-match acl 3999
#
traffic classifier web_deny operator and
#
traffic behavior a-wifi_deny
filter deny
#
traffic behavior a-wifi_http
redirect http-to-cpu
#
traffic behavior a-wifi_https
redirect https-to-cpu
#
traffic behavior a-wifi_out
filter permit
#
traffic behavior a-wifi_permit
filter permit
#
traffic behavior tetong
remark qos-local-id 3999
#
traffic behavior web_deny
#
qos policy a-wifi
classifier a-wifi_permit behavior a-wifi_permit
classifier a-wifi_http behavior a-wifi_http
classifier a-wifi_https behavior a-wifi_https
classifier a-wifi_deny behavior a-wifi_deny
#
qos policy out
classifier a-wifi_out behavior a-wifi_out
classifier a-wifi_deny behavior a-wifi_deny
#
qos policy tetong
classifier tetong behavior tetong
#
qos policy web
#
dhcp server ip-pool a-wifi_pre
gateway-list 11.0.0.1 export-route
network 11.0.0.0 mask 255.255.0.0 export-route
address range 11.0.0.2 11.0.255.254
dns-list 27.27.27.200
#
policy-based-route tetong permit node 3999
if-match qos-local-id 3999
apply next-hop 5.1.1.1
apply next-hop 29.29.0.2
#
nqa entry 1 1
type icmp-echo
destination ip 28.28.28.100
frequency 500
history-record enable
history-record number 10
probe count 3
probe timeout 500
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
#
nqa schedule 1 1 start-time now lifetime forever
#
mpls ldp
#
l2vpn enable
l2vpn statistics interval 60
#
vsi a-wifi
gateway vsi-interface 1
vxlan 1002
tunnel 0
#
interface Reth1
ip address 172.16.17.88 255.255.255.0
member interface GigabitEthernet1/1/0 priority 32
member interface GigabitEthernet2/1/0 priority 31
#
interface Reth2
description downlink
mtu 2000
ip address 100.100.100.2 255.255.255.0
member interface Ten-GigabitEthernet1/5/0.1000 priority 101
member interface Ten-GigabitEthernet2/5/0.1000 priority 100
#
interface Reth3
description uplink
ip address 200.200.200.2 255.255.255.0
isis enable 100
isis circuit-level level-2
isis circuit-type p2p
isis small-hello
mpls enable
mpls ldp enable
member interface Ten-GigabitEthernet1/6/0.2000 priority 101
member interface Ten-GigabitEthernet2/6/0.2000 priority 100
nat outbound 3000 address-group 1
mad arp enable
#
interface Reth255
ip address 5.1.1.25 255.255.255.0
member interface Ten-GigabitEthernet1/5/0.50 priority 99
member interface Ten-GigabitEthernet2/5/0.50 priority 100
#
interface Virtual-Template1
ppp authentication-mode pap domain ppp
ppp account-statistics enable
#
interface Virtual-Template11
ppp authentication-mode pap domain ppp
#
interface NULL0
#
interface LoopBack1
ip address 100.100.1.1 255.255.255.255
#
interface LoopBack2
description LoopBack
ip address 100.100.1.2 255.255.255.255
isis enable 100
#
interface LoopBack3
ip address 100.100.1.3 255.255.255.255
isis enable 100
#
interface GigabitEthernet1/1/0
ip address dhcp-alloc
#
interface GigabitEthernet1/2/0
#
interface GigabitEthernet1/3/0
#
interface GigabitEthernet1/4/0
#
interface GigabitEthernet2/1/0
#
interface GigabitEthernet2/2/0
#
interface GigabitEthernet2/3/0
#
interface GigabitEthernet2/4/0
#
interface Ten-GigabitEthernet1/5/0
mtu 2000
ip address dhcp-alloc
#
interface Ten-GigabitEthernet1/5/0.50
vlan-type dot1q vid 50
#
interface Ten-GigabitEthernet1/5/0.1000
vlan-type dot1q vid 1000
#
interface Ten-GigabitEthernet1/6/0
ip address dhcp-alloc
#
interface Ten-GigabitEthernet1/6/0.2000
vlan-type dot1q vid 2000
#
interface Ten-GigabitEthernet2/5/0
#
interface Ten-GigabitEthernet2/5/0.50
vlan-type dot1q vid 50
#
interface Ten-GigabitEthernet2/5/0.1000
vlan-type dot1q vid 1000
#
interface Ten-GigabitEthernet2/6/0
#
interface Ten-GigabitEthernet2/6/0.2000
vlan-type dot1q vid 2000
#
interface Vsi-interface1
ip policy-based-route tetong
portal bas-ip 100.100.1.3
portal apply mac-trigger-server mts
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber initiator unclassified-ip enable
ip subscriber timer quiet 120
undo ip subscriber user-detect ip
ip subscriber authentication-method web
ip subscriber roaming enable
ip subscriber password ciphertext $c$3$XSv6wTRQGTLHWDzfCsGEQ+G536Q3T5R9bg==
ip subscriber unclassified-ip domain a-wifi_pre
ip subscriber pre-auth domain a-wifi_pre
ip subscriber username string admin
ip subscriber pre-auth track 11 fail-permit user-group fail
#
interface Vsi-interface2
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber initiator unclassified-ip enable
ip subscriber roaming enable
ip subscriber password ciphertext $c$3$XSv6wTRQGTLHWDzfCsGEQ+G536Q3T5R9bg==
ip subscriber dhcp domain a-wifi_pre
#
interface Tunnel0 mode vxlan
source 100.100.1.1
destination 31.31.31.31
#
bgp 65009
router-id 100.100.1.2
#
address-family ipv4 unicast
network 11.0.0.0 255.255.0.0
network 211.9.80.0 255.255.240.0
#
address-family vpnv4
#
ip vpn-instance vrf1
#
address-family ipv4 unicast
import-route direct
import-route static
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0 1
user-role network-operator
#
line con 0 1
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 11.0.0.0 16 NULL0 preference 180 description Blackhole-Route
ip route-static 31.31.31.31 32 100.100.100.1
ip route-static 172.16.0.0 16 172.16.17.1
ip route-static 211.9.80.0 20 NULL0 preference 180 description Blackhole-Route
#
mad exclude interface GigabitEthernet1/1/0
#
snmp-agent
snmp-agent local-engineid 800063A280FA163E07CF5200000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
#
ssh server enable
ssh user root service-type all authentication-type password
#
undo arp resolving-route enable
arp source-mac aging-time 60
#
qos apply policy a-wifi global inbound
qos apply policy out global outbound
#
redundancy group A_Wifi
preempt-delay 5
member interface Reth2
member interface Reth3
member failover group 1
node 1
bind slot 1
priority 100
track 1 interface Ten-GigabitEthernet1/5/0
track 2 interface Ten-GigabitEthernet1/6/0
node 2
bind slot 2
track 3 interface Ten-GigabitEthernet2/5/0
track 4 interface Ten-GigabitEthernet2/6/0
#
acl advanced 3000
rule 0 permit ip source 11.0.0.0 0.0.255.255
#
acl advanced 3099
rule 0 permit ip destination 29.29.0.1 0 user-group a-wifi
rule 5 permit ip source 29.29.0.1 0 user-group a-wifi
#
acl advanced 3525
rule 0 permit ip destination 28.28.28.100 0 user-group a-wifi
rule 1 permit ip destination 27.27.27.200 0 user-group a-wifi
rule 5 permit ip vpn-instance vrf1 destination 28.28.28.100 0 user-group a-wifi
rule 10 permit ip user-group fail
#
acl advanced 3526
rule 0 permit tcp destination-port eq www user-group a-wifi
rule 5 permit tcp vpn-instance vrf1 destination-port eq www user-group a-wifi
#
acl advanced 3527
rule 0 permit tcp destination-port eq 443 user-group a-wifi
rule 5 permit tcp vpn-instance vrf1 destination-port eq 443 user-group a-wifi
#
acl advanced 3528
rule 0 permit ip user-group a-wifi
rule 5 permit ip vpn-instance vrf1 user-group a-wifi
#
acl advanced 3529
rule 0 permit ip source 28.28.28.100 0 user-group a-wifi
rule 1 permit ip source 27.27.27.200 0 user-group a-wifi
rule 5 permit ip vpn-instance vrf1 source 28.28.28.100 0 user-group a-wifi
#
acl advanced 3899
rule 0 permit ip destination 100.100.1.1 0
#
acl advanced 3999
description for_tetong_user
rule 0 deny ip destination 28.28.28.100 0
rule 5 permit ip
#
user-profile free1
free-rule acl 3099
#
user-profile ita
qos car inbound any cir 10000 cbs 625000 ebs 0
qos car outbound any cir 10000 cbs 625000 ebs 0
qos apply policy ita inbound
qos apply policy ita outbound
#
user-profile tetong
qos apply policy tetong inbound
#
radius scheme aaa
primary authentication 172.16.15.200
primary accounting 172.16.15.200
key authentication cipher $c$3$itzc+vpeFDkhR1RnKJUsmyT6XdbuSmdNbw==
key accounting cipher $c$3$721n+GQFC7t0pV48LIXKz5+4cbrhop2I1w==
timer realtime-accounting 2
user-name-format without-domain
attribute 31 mac-format section three separator - lowercase
username-authorization apply
#
radius scheme imc
primary authentication 28.28.28.100 key cipher $c$3$VZu0tiAzF7dsNLte//lIN2qiTA5tQOwPrg==
primary accounting 28.28.28.100 key cipher $c$3$sVaIfL3KQcnQth+As4Qdx6rbEmnK/QhY0w==
user-name-format without-domain
#
radius scheme jsct
primary authentication 28.28.28.100
primary accounting 28.28.28.100
key authentication cipher $c$3$5h3Z95wgcIYC6H1lWl+o8Sb/RQSZtP04Pg==
key accounting cipher $c$3$LciZpm5DvPcpuDZgEoBFnEnAs9PF+8HzCA==
timer realtime-accounting 3
user-name-format without-domain
nas-ip 100.100.1.3
#
radius dynamic-author server
client ip 172.16.15.200 key cipher $c$3$aa50yCTQvxx6DzUQl2ePmLhY6TK1IqC7vg==
#
domain name a-wifi
state block time-range offline
state block time-range name a-wifi-online
authorization-attribute idle-cut 1
nas-id domain-a-wifi
authentication ipoe radius-scheme jsct
authorization ipoe radius-scheme jsct
accounting ipoe radius-scheme jsct
#
domain name a-wifi_pre
authorization-attribute user-group a-wifi
authorization-attribute ip-pool a-wifi_pre
authorization-attribute session-timeout 111
service-type stb
session-time include-idle-time
nas-id h3c/vbras:a-wifi_pre
authentication ipoe none
authorization ipoe none
accounting ipoe none
user-address-type private-ipv4
web-server url http://28.28.28.100:8080/portal
web-server ip 28.28.28.100
web-server url-parameter userip source-address
web-server url-parameter mac source-mac section 1 uppercase
web-server url-parameter oriUrl original-url
web-server url-parameter nas-id nas-id
web-server url-parameter remote-id remote-id
#
domain name awifi
authorization-attribute user-profile tetong
authorization-attribute car inbound cir 4194303 outbound cir 4194303 pir 4194303
nas-id domain-a-wifi
authentication ipoe radius-scheme aaa
authorization ipoe radius-scheme aaa
accounting ipoe radius-scheme aaa
#
domain name system
#
domain default enable a-wifi
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group a-wifi
#
user-group fail
#
user-group system
#
local-user root class manage
password hash $h$6$zR1H0VQKmsPSrlki$QB3JtZ08KMBi8Gv85yP7uFPqnoF5l0biJjfApRvDod6fdejdI6o1vtjhSLvhfMsge/GBT+FZjAfbkkuQo307wg==
service-type ftp
service-type ssh telnet http https
authorization-attribute user-role network-admin
#
local-user ip class network
authorization-attribute user-role network-operator
#
local-user ipoe class network
password cipher $c$3$FD4eC+mzM7K89XgqLWUievRGDyg11cfiqw==
service-type ipoe
authorization-attribute session-timeout 111
authorization-attribute user-role network-operator
#
ftp server enable
#
session service-location acl 3000 failover-group 1
session service-location acl 3001 failover-group 1
session statistics enable
session synchronization enable
session synchronization dns http
#
nat port-block synchronization enable
#
nat address-group 1
failover-group 1
port-range 1000 65535
port-block block-size 1000 extended-block-number 2
address 211.9.83.1 211.9.83.254
#
portal server A-wifi
ip 28.28.28.100 key cipher $c$3$jlIVq1QmzD/7Ym8rm9WdCnVeYtViHM0BFA==
#
portal mac-trigger-server mts
ip 28.28.28.100
binding-retry interval 3
aging-time 100
#
netconf soap http enable
netconf soap https enable
#
http-redirect https-port 6000
#
return
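The lab configuration file above leaves the management plane open in several places: the VTY lines use authentication-mode none with the network-admin role and no idle timeout, Telnet and FTP are enabled, and SNMP uses the communities public and private with all versions enabled. The following added example (not H3C code; rule names are hypothetical labels) splits a Comware configuration dump into stanzas and flags those settings, so the same check can be run before a lab configuration is reused elsewhere.

```python
import re

# Excerpt of the configuration file above (management-plane lines only).
CONFIG = """\
#
telnet server enable
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
#
ssh server enable
#
ftp server enable
#
"""

def stanzas(text):
    """Split a configuration dump into '#'-separated stanzas."""
    block = []
    for line in text.splitlines():
        line = line.strip()
        if line == "#":
            if block:
                yield block
            block = []
        elif line:
            block.append(line)
    if block:
        yield block

def audit(text):
    """Return a sorted list of (rule, offending line or stanza) findings."""
    findings = set()
    for block in stanzas(text):
        head = block[0]
        for line in block:
            if head.startswith("line vty"):
                if line == "authentication-mode none":
                    findings.add(("vty-no-auth", head))
                if line == "idle-timeout 0 0":  # 0 disables the idle timeout
                    findings.add(("vty-no-idle-timeout", head))
            if re.fullmatch(r"(telnet|ftp) server enable", line):
                findings.add(("cleartext-mgmt", line))
            m = re.fullmatch(r"snmp-agent community (read|write) (\S+)", line)
            if m and m.group(2) in ("public", "private"):
                findings.add(("snmp-default-community", line))
            if line == "snmp-agent sys-info version all":
                findings.add(("snmpv1v2c-enabled", line))
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit(CONFIG):
        print(rule, "->", where)
```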
· H3C vBRAS Series Virtual Broadband Remote Access Server Configuration Guide: http://press.h3c.com/jsp/ir/fileList.do?classID=103&fileID=165210
· H3C vBRAS Series Virtual Broadband Remote Access Server Command Reference: http://press.h3c.com/jsp/ir/fileList.do?classID=103&fileID=165210