08-H3C vBRAS IPoE Web Special-Channel Feature Typical Configuration Examples-5W100
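H3C vBRAS Series Virtual Broadband Remote Access Server IPoE Web Special-Channel Feature Typical Configuration Examples
Copyright © 2018 New H3C Technologies Co., Ltd. All rights reserved. No part of this document may be excerpted or reproduced, in part or in whole, or transmitted in any form by any organization or individual without the prior written consent of the company. The information in this document is subject to change without notice.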
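This document provides a typical configuration example of the IPoE Web special-channel feature (named tetong in the configuration) on H3C vBRAS series virtual routers. Unlike H3C's earlier series of physical routers, the H3C vBRAS virtual router is a pure-software router product that runs in virtual machines on standard servers. The IPoE Web special-channel feature is designed for large international conferences, where it allows specific accounts to access the international egress directly.
· This document is not strictly tied to specific software or hardware versions. If what you see differs from the actual product, refer to the relevant product manuals or go by the actual state of the device.
· All configurations in this document were made and verified in a lab environment, and all device parameters used the factory defaults before configuration. If you have already configured the device, confirm that the existing configuration does not conflict with the configuration in the following example so that the configuration takes effect as intended.
· This document assumes that you are familiar with ACL, QoS, policy-based routing, and AAA.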
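As shown in Figure 1:
· A VXLAN tunnel is established between the vBRAS and the Switch. Router A serves as the firewall for the domestic access egress, and Router B serves as the firewall for the international access egress.
· The Host, as a DHCP client, accesses the vBRAS in IPoE mode through a Layer 2 network.
· The vBRAS acts as the DHCP server and dynamically assigns an IP address to the Host.
· A single server with H3C iMC installed acts as the RADIUS server, the Portal authentication server, and the Portal Web server.
Figure 1 Network diagram for the IPoE Web special-channel configuration example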
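Users access the network from the Switch through a redundant interface (Reth) of the vBRAS. The device is configured with IPoE Web authentication, and the special-channel feature is configured on top of it. Configure an ACL for special-channel users, a traffic class that matches the ACL rules, a traffic behavior that marks special-channel user traffic, and a special-channel QoS policy that associates the class with the behavior. Configure the user profile and the policy-based route, and enable the policy-based route on the interface. When a special-channel user comes online, AAA authorizes the user profile to that user, and the user's traffic takes the international channel according to the policy-based route.
This example was configured and verified on version vBRAS1000_H3C-CMW710-E1116-X64.
As a best practice, configure IPoE Web authentication and Portal authentication on different interfaces.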
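(1) Configure IPoE Web authentication (details omitted).
(2) The IPoE Web special-channel feature consists of two parts: pre-authentication DNS traffic control and post-authentication traffic control for special-channel users.
(3) Pre-authentication DNS traffic control.
# Configure an ACL to match the DNS traffic of pre-authentication users.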
<vBRAS> system
[vBRAS] acl advanced 3900
[vBRAS-acl-ipv4-adv-3900] description acl_for_pre_dns
[vBRAS-acl-ipv4-adv-3900] rule 10 permit udp destination-port eq dns
[vBRAS-acl-ipv4-adv-3900] rule 20 permit tcp destination-port eq dns
[vBRAS-acl-ipv4-adv-3900] quit
# Configure the match rule for traffic class dns.
[vBRAS] traffic classifier dns operator or
[vBRAS-classifier-dns] if-match acl 3900
[vBRAS-classifier-dns] quit
# Configure traffic behavior dns to mark packets with local QoS ID 4095.
[vBRAS] traffic behavior dns
[vBRAS-behavior-dns] remark qos-local-id 4095
[vBRAS-behavior-dns] quit
# Configure QoS policy dns for DNS traffic.
[vBRAS] qos policy dns
[vBRAS-qospolicy-dns] classifier dns behavior dns
[vBRAS-qospolicy-dns] quit
# Configure user profile dns for the user's DNS traffic, which applies QoS policy dns in the inbound direction.
[vBRAS] user-profile dns
[vBRAS-user-profile-dns] qos apply policy dns inbound
[vBRAS-user-profile-dns] quit
# In the pre-authentication domain, authorize user profile dns.
[vBRAS] domain name a-wifi_pre
[vBRAS-isp-a-wifi_pre] authorization-attribute user-profile dns
[vBRAS-isp-a-wifi_pre] quit
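(4) Post-authentication traffic control for special-channel users.
# Configure an ACL that matches packets of special-channel users: all traffic of these users except traffic destined for the portal server.
[vBRAS] acl advanced 3999
[vBRAS-acl-ipv4-adv-3999] rule 0 deny ip destination 28.28.28.100 0
[vBRAS-acl-ipv4-adv-3999] rule 5 permit ip
[vBRAS-acl-ipv4-adv-3999] quit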
# Configure traffic class tetong to match ACL 3999.
[vBRAS] traffic classifier tetong operator and
[vBRAS-classifier-tetong] if-match acl 3999
[vBRAS-classifier-tetong] quit
# Configure traffic behavior tetong to mark packets with local QoS ID 4095.
[vBRAS] traffic behavior tetong
[vBRAS-behavior-tetong] remark qos-local-id 4095
[vBRAS-behavior-tetong] quit
# Configure QoS policy tetong, which assigns traffic behavior tetong (mark 4095) to traffic class tetong.
[vBRAS] qos policy tetong
[vBRAS-qospolicy-tetong] classifier tetong behavior tetong
[vBRAS-qospolicy-tetong] quit
# Configure user profile tetong, which applies QoS policy tetong in the inbound direction.
[vBRAS] user-profile tetong
[vBRAS-user-profile-tetong] qos apply policy tetong inbound
[vBRAS-user-profile-tetong] quit
# Configure policy-based route tetong: traffic marked with 4095 is forwarded to the special-channel firewall as its next hop.
[vBRAS] policy-based-route tetong permit node 10
[vBRAS-pbr-tetong-10] if-match qos-local-id 4095
[vBRAS-pbr-tetong-10] apply next-hop 200.200.200.3
[vBRAS-pbr-tetong-10] quit
# Apply the policy-based route to the access interface.
[vBRAS] interface reth 2
[vBRAS-Reth2] ip policy-based-route tetong
[vBRAS-Reth2] quit
# Configure the address of the outgoing interface that connects to the mainland firewall.
[vBRAS] interface reth 4
[vBRAS-Reth4] ip address 201.201.201.2 255.255.255.0
[vBRAS-Reth4] quit
# Configure the address of the interface that connects to the special-channel firewall.
[vBRAS] interface reth 3
[vBRAS-Reth3] ip address 200.200.200.2 255.255.255.0
[vBRAS-Reth3] quit
# Specify the default route with the mainland firewall as the next hop.
[vBRAS] ip route-static 0.0.0.0 0 201.201.201.3 description default-firewall
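# When a user authenticates, the RADIUS server assigns user profile tetong to the user.
Router A is the default firewall for the mainland direction and is reachable from the vBRAS by routing. Its configuration is not described in detail.
Router B is the default firewall for the special-channel direction and is reachable from the vBRAS by routing. Its configuration is not described in detail.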
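The marking and routing decision configured in steps (3) and (4), as a small Python model. This is an added example, not H3C code: the ACL rules, the mark, the next hops and the static routes are copied from this page, while the function names, the evaluation order (user-profile marking, then the policy-based route, then the routing table) and the sample destination 203.0.113.10 are assumptions. The global QoS policy a-wifi and next-hop reachability are not modeled.

```python
import ipaddress

# Rules copied from this page. Each ACL rule is (action, protocol,
# destination prefix or None for any, destination port or None for any).
ACLS = {
    3900: [("permit", "udp", None, 53), ("permit", "tcp", None, 53)],
    3999: [("deny", "ip", "28.28.28.100/32", None), ("permit", "ip", None, None)],
}
# user-profile -> (ACL matched by its classifier, qos-local-id it remarks)
USER_PROFILES = {"dns": (3900, 4095), "tetong": (3999, 4095)}
# policy-based-route tetong node 10: if-match qos-local-id -> apply next-hop
PBR_TETONG = {4095: "200.200.200.3"}
# Static routes relevant to user traffic (default route and portal/DNS subnet)
STATIC_ROUTES = [("0.0.0.0/0", "201.201.201.3"), ("28.28.28.0/24", "201.201.201.3")]


def acl_permits(acl_id, proto, dst, dport):
    """First-match evaluation of an advanced ACL; no matching rule is no hit."""
    for action, r_proto, r_dst, r_port in ACLS[acl_id]:
        if r_proto != "ip" and r_proto != proto:
            continue
        if r_dst and ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action == "permit"
    return False


def route_lookup(dst):
    """Longest-prefix match over the static routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in STATIC_ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def next_hop(user_profile, proto, dst, dport=None):
    """Next hop for one uplink packet of a subscriber session on Reth2.

    user_profile is the profile shown as active in the session output
    ("dns" before authentication, "tetong" for a special-channel user,
    None for an ordinary user).
    """
    mark = None
    if user_profile in USER_PROFILES:
        acl_id, local_id = USER_PROFILES[user_profile]
        if acl_permits(acl_id, proto, dst, dport):
            mark = local_id  # remark qos-local-id 4095
    # Marked packets follow the policy-based route, the rest the routing table.
    return PBR_TETONG.get(mark) or route_lookup(dst)
```

In this model ACL 3900 marks port-53 traffic to any destination, because its rules match on destination port only; restricting it to the DNS server in dns-list (28.28.28.101) is a change to consider if that is broader than intended.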
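# A user that connects enters the pre-authentication state. The user is authorized the DNS policy, and all of the user's DNS traffic goes to the special-channel firewall.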
[vBRAS] display ip subscriber session verbose
Basic:
Description : -
Username : 000c29564dcc
Domain : a-wifi_pre
VPN instance : N/A
IP address : 11.0.0.6
User address type : N/A
MAC address : 000c-2956-4dcc
Service-VLAN/Customer-VLAN : 1001/1000
Access interface : Reth2
User ID : 0x38200007
VPI/VCI(for ATM) : -/-
VSI Index : -
VSI link ID : -
VXLAN ID : -
DNS servers : 28.28.28.101
IPv6 DNS servers : N/A
DHCP lease : 86400 sec
DHCP remain lease : 86385 sec
Access time : Apr 27 14:56:24 2018
Online time(hh:mm:ss) : 00:00:14
Service node : Slot 1 CPU 0
Authentication type : Web pre-auth
IPv4 access type : DHCP
IPv4 detect state : Detecting
State : Online
AAA:
ITA policy name : N/A
IP pool : a-wifi_pre
IPv6 pool : N/A
Primary DNS server : N/A
Secondary DNS server : N/A
Primary IPv6 DNS server : N/A
Secondary IPv6 DNS server : N/A
Session idle cut : N/A
Session duration : N/A, remaining: N/A
Traffic quota : N/A
Traffic remained : N/A
Acct start-fail action : Online
Acct update-fail action : Online
Acct quota-out action : Offline
Dual-stack accounting mode : Merge
Max IPv4 multicast addresses: 4
IPv4 multicast address list : N/A
Max IPv6 multicast addresses: 4
IPv6 multicast address list : N/A
Accounting start time : Apr 27 14:56:24 2018
Redirect URL : http://28.28.28.100:8080/portal
QoS:
User profile : dns (active)
Session group profile : N/A
User group ACL : a-wifi (active)
Inbound CAR : N/A
Outbound CAR : N/A
Inbound user priority : N/A
Outbound user priority : N/A
Flow statistic:
Uplink packets/bytes : 0/0
Downlink packets/bytes : 0/0
IPv6 uplink packets/bytes : 0/0
IPv6 downlink packets/bytes : 0/0
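# Make the next hop toward the special-channel firewall unreachable. The user's PC cannot resolve domain names, so it cannot complete the web redirect and obtain the authentication page.
Figure 2 Redirect page
# Make the next hop toward the special-channel firewall reachable. The user's PC resolves domain names and obtains the authentication page.
Figure 3 iMC Portal login page
# The special-channel user enters the username and password to authenticate and is then authorized the special-channel policy.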
[vBRAS] display ip subscriber session verbose
Basic:
Description : -
Username : admin
Domain : a-wifi
VPN instance : N/A
IP address : 11.0.0.6
User address type : N/A
MAC address : 000c-2956-4dcc
Service-VLAN/Customer-VLAN : 1001/1000
Access interface : Reth2
User ID : 0x38200007
VPI/VCI(for ATM) : -/-
VSI Index : -
VSI link ID : -
VXLAN ID : -
DNS servers : 28.28.28.101
IPv6 DNS servers : N/A
DHCP lease : 86400 sec
DHCP remain lease : 85389 sec
Access time : Apr 27 14:56:24 2018
Online time(hh:mm:ss) : 00:04:41
Service node : Slot 1 CPU 0
Authentication type : Web
IPv4 access type : DHCP
IPv4 detect state : Detecting
State : Online
AAA:
ITA policy name : N/A
IP pool : a-wifi_pre
IPv6 pool : N/A
Primary DNS server : N/A
Secondary DNS server : N/A
Primary IPv6 DNS server : N/A
Secondary IPv6 DNS server : N/A
Session idle cut : N/A
Session duration : N/A, remaining: N/A
Traffic quota : N/A
Traffic remained : N/A
Acct start-fail action : Online
Acct update-fail action : Online
Acct quota-out action : Offline
Dual-stack accounting mode : Merge
Max IPv4 multicast addresses: 4
IPv4 multicast address list : N/A
Max IPv6 multicast addresses: 4
IPv6 multicast address list : N/A
Accounting start time : Apr 27 15:08:34 2018
QoS:
User profile : tetong (active)
Session group profile : N/A
User group ACL : N/A
Inbound CAR : N/A
Outbound CAR : N/A
Inbound user priority : N/A
Outbound user priority : N/A
Flow statistic:
Uplink packets/bytes : 7622/401610
Downlink packets/bytes : 71/11693
IPv6 uplink packets/bytes : 0/0
IPv6 downlink packets/bytes : 0/0
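# Ping an external network from the user's PC. The traffic goes through the special-channel firewall: when the special-channel firewall is unreachable, the external network cannot be accessed, and after it recovers, access is normal.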
[RouterB] interface vlan-interface 2000
[RouterB-Vlan-interface2000]shutdown
[RouterB-Vlan-interface2000]%Jan 24 18:57:03:833 2011 CR IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface2000 changed to down.
%Jan 24 18:57:03:837 2011 CR IFNET/5/LINK_UPDOWN: Line protocol state on the interface Vlan-interface2000 changed to down.
# An ordinary user has no special-channel policy and goes through the default mainland firewall.
[vBRAS]display ip subscriber session verbose
Basic:
Description : -
Username : admin
Domain : a-wifi
VPN instance : N/A
IP address : 11.0.0.6
User address type : N/A
MAC address : 000c-2956-4dcc
Service-VLAN/Customer-VLAN : 1001/1000
Access interface : Reth2
User ID : 0x38200007
VPI/VCI(for ATM) : -/-
VSI Index : -
VSI link ID : -
VXLAN ID : -
DNS servers : 28.28.28.101
IPv6 DNS servers : N/A
DHCP lease : 86400 sec
DHCP remain lease : 85172 sec
Access time : Apr 27 14:56:24 2018
Online time(hh:mm:ss) : 00:01:41
Service node : Slot 1 CPU 0
Authentication type : Web
IPv4 access type : DHCP
IPv4 detect state : Detecting
State : Online
AAA:
ITA policy name : N/A
IP pool : a-wifi_pre
IPv6 pool : N/A
Primary DNS server : N/A
Secondary DNS server : N/A
Primary IPv6 DNS server : N/A
Secondary IPv6 DNS server : N/A
Session idle cut : N/A
Session duration : N/A, remaining: N/A
Traffic quota : N/A
Traffic remained : N/A
Acct start-fail action : Online
Acct update-fail action : Online
Acct quota-out action : Offline
Dual-stack accounting mode : Merge
Max IPv4 multicast addresses: 4
IPv4 multicast address list : N/A
Max IPv6 multicast addresses: 4
IPv6 multicast address list : N/A
Accounting start time : Apr 27 15:15:10 2018
QoS:
User profile : N/A
Session group profile : N/A
User group ACL : N/A
Inbound CAR : N/A
Outbound CAR : N/A
Inbound user priority : N/A
Outbound user priority : N/A
Flow statistic:
Uplink packets/bytes : 2224/120285
Downlink packets/bytes : 102/13949
IPv6 uplink packets/bytes : 0/0
IPv6 downlink packets/bytes : 0/0
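# An ordinary user can ping the external network normally and is not affected even when the special-channel firewall is unreachable.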
[RouterB] interface vlan-interface 2000
[RouterB-Vlan-interface2000] shutdown
[CR-Vlan-interface2000]%Jan 24 18:57:03:833 2011 CR IFNET/3/PHY_UPDOWN: Physical state on the interface Vlan-interface2000 changed to down.
%Jan 24 18:57:03:837 2011 CR IFNET/5/LINK_UPDOWN: Line protocol state on the interface Vlan-interface2000 changed to down.
The configuration file of the vBRAS is as follows:
#
sysname vBRAS
#
failover group 1
bind slot 1 primary
bind slot 2 secondary
#
ip vpn-instance vrf1
route-distinguisher 1:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
telnet server enable
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
irf domain 1016231237
irf member 1 priority 32
irf member 2 priority 31
#
router id 100.100.1.2
#
track 1 interface Ten-GigabitEthernet1/5/0
#
track 2 interface Ten-GigabitEthernet1/6/0
#
track 3 interface Ten-GigabitEthernet2/5/0
#
track 4 interface Ten-GigabitEthernet2/6/0
#
track 11 nqa entry 1 1 reaction 1
#
isis 100
cost-style wide
network-entity 04.5090.0100.0100.0100.0088.00
#
address-family ipv4 unicast
#
address-family ipv6 unicast
#
mpls lsr-id 100.100.1.2
#
dhcp enable
#
ip subscriber timer traffic 30000
#
flow-interval 60
#
password-recovery enable
#
irf-port 1
port group interface GigabitEthernet1/3/0 type data
port group interface GigabitEthernet1/4/0 type control
#
irf-port 2
port group interface GigabitEthernet2/3/0 type data
port group interface GigabitEthernet2/4/0 type control
#
traffic classifier a-wifi_deny operator and
if-match acl 3528
#
traffic classifier a-wifi_http operator and
if-match acl 3526
#
traffic classifier a-wifi_https operator and
if-match acl 3527
#
traffic classifier a-wifi_out operator and
if-match acl 3529
#
traffic classifier a-wifi_permit operator and
if-match acl 3525
#
traffic classifier dns operator or
if-match acl 3900
#
traffic classifier tetong operator or
if-match acl 3999
#
traffic behavior a-wifi_deny
filter deny
#
traffic behavior a-wifi_http
redirect http-to-cpu
#
traffic behavior a-wifi_https
redirect https-to-cpu
#
traffic behavior a-wifi_out
filter permit
#
traffic behavior a-wifi_permit
filter permit
#
traffic behavior dns
remark qos-local-id 4095
#
traffic behavior tetong
remark qos-local-id 4095
#
qos policy a-wifi
classifier a-wifi_permit behavior a-wifi_permit
classifier a-wifi_http behavior a-wifi_http
classifier a-wifi_https behavior a-wifi_https
classifier a-wifi_deny behavior a-wifi_deny
#
qos policy dns
classifier dns behavior dns
#
qos policy out
classifier a-wifi_out behavior a-wifi_out
classifier a-wifi_deny behavior a-wifi_deny
#
qos policy tetong
classifier tetong behavior tetong
#
dhcp server ip-pool a-wifi_pre
gateway-list 11.0.0.1 export-route
network 11.0.0.0 mask 255.255.0.0 export-route
address range 11.0.0.2 11.0.255.254
dns-list 28.28.28.101
#
policy-based-route tetong permit node 10
if-match qos-local-id 4095
apply next-hop 200.200.200.3
#
nqa entry 1 1
type icmp-echo
destination ip 28.28.28.100
frequency 500
history-record enable
history-record number 10
probe count 3
probe timeout 500
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
#
nqa schedule 1 1 start-time now lifetime forever
#
mpls ldp
#
l2vpn enable
l2vpn statistics interval 60
#
interface Reth1
ip address 172.16.17.88 255.255.255.0
member interface GigabitEthernet1/1/0 priority 32
member interface GigabitEthernet2/1/0 priority 31
#
interface Reth2
description downlink
mtu 2000
member interface Ten-GigabitEthernet1/5/0.1000 priority 101
member interface Ten-GigabitEthernet2/5/0.1000 priority 100
ip policy-based-route tetong
ip subscriber l2-connected enable
ip subscriber initiator dhcp enable
ip subscriber authentication-method web
ip subscriber pre-auth domain a-wifi_pre
ip subscriber web-auth domain a-wifi
#
interface Reth3
description up-1
ip address 200.200.200.2 255.255.255.0
isis enable 100
isis ipv6 enable 100
isis circuit-level level-2
isis circuit-type p2p
isis small-hello
mpls enable
mpls ldp enable
member interface Ten-GigabitEthernet1/6/0.2000 priority 101
member interface Ten-GigabitEthernet2/6/0.2000 priority 100
mad arp enable
#
interface Reth4
description up-2
ip address 201.201.201.2 255.255.255.0
pim dm
isis enable 100
isis ipv6 enable 100
isis circuit-level level-2
isis circuit-type p2p
isis small-hello
mpls enable
mpls ldp enable
member interface Ten-GigabitEthernet1/6/0.2001 priority 100
member interface Ten-GigabitEthernet2/6/0.2001 priority 99
#
interface NULL0
#
interface LoopBack1
ip address 100.100.1.1 255.255.255.255
#
interface LoopBack2
description LoopBack
ip address 100.100.1.2 255.255.255.255
isis enable 100
#
interface LoopBack3
ip address 100.100.1.3 255.255.255.255
isis enable 100
#
interface GigabitEthernet1/1/0
port link-mode route
ip address dhcp-alloc
#
interface GigabitEthernet1/2/0
port link-mode route
#
interface GigabitEthernet1/3/0
port link-mode route
#
interface GigabitEthernet1/4/0
port link-mode route
#
interface GigabitEthernet2/1/0
port link-mode route
#
interface GigabitEthernet2/2/0
port link-mode route
#
interface GigabitEthernet2/3/0
port link-mode route
#
interface GigabitEthernet2/4/0
port link-mode route
#
interface Ten-GigabitEthernet1/5/0
port link-mode route
mtu 2000
ip address dhcp-alloc
#
interface Ten-GigabitEthernet1/5/0.50
vlan-type dot1q vid 50
#
interface Ten-GigabitEthernet1/5/0.52
vlan-type dot1q vid 52
#
interface Ten-GigabitEthernet1/5/0.1000
vlan-type dot1q vid 1001 second-dot1q any
#
interface Ten-GigabitEthernet1/6/0
port link-mode route
#
interface Ten-GigabitEthernet1/6/0.2000
vlan-type dot1q vid 2000
#
interface Ten-GigabitEthernet1/6/0.2001
vlan-type dot1q vid 2001
#
interface Ten-GigabitEthernet2/5/0
port link-mode route
#
interface Ten-GigabitEthernet2/5/0.50
vlan-type dot1q vid 50
#
interface Ten-GigabitEthernet2/5/0.52
vlan-type dot1q vid 52
#
interface Ten-GigabitEthernet2/5/0.1000
vlan-type dot1q vid 1001 second-dot1q any
#
interface Ten-GigabitEthernet2/6/0
port link-mode route
#
interface Ten-GigabitEthernet2/6/0.2000
vlan-type dot1q vid 2000
#
interface Ten-GigabitEthernet2/6/0.2001
vlan-type dot1q vid 2001
#
bgp 65009
router-id 100.100.1.2
peer 61.156.221.192 as-number 65009
peer 61.156.221.192 connect-interface LoopBack2
#
address-family ipv4 unicast
import-route direct
network 11.0.0.0 255.255.0.0
network 211.9.80.0 255.255.240.0
peer 61.156.221.192 enable
peer 29.29.0.0 16 enable
#
address-family vpnv4
#
address-family ipv6 unicast
import-route direct
#
ip vpn-instance vrf1
#
address-family ipv4 unicast
import-route direct
import-route static
#
multicast routing
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0 1
user-role network-operator
#
line con 0 1
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 11.0.0.0 16 NULL0 preference 180 description Blackhole-Route
ip route-static 0.0.0.0 0 201.201.201.3 description default-firewall
ip route-static 28.28.28.0 24 201.201.201.3
ip route-static 31.31.31.31 32 52.1.1.2
ip route-static 172.16.15.200 32 172.16.17.1
ip route-static 211.9.80.0 20 NULL0 preference 180 description Blackhole-Route
#
mad exclude interface GigabitEthernet1/1/0
#
snmp-agent
snmp-agent local-engineid 800063A280FA163E07CF5200000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
#
ssh server enable
ssh user root service-type all authentication-type password
#
undo arp resolving-route enable
arp source-mac aging-time 60
#
qos apply policy a-wifi global inbound
qos apply policy out global outbound
#
redundancy group A_Wifi
preempt-delay 5
member interface Reth2
member interface Reth3
member interface Reth4
member failover group 1
node 1
bind slot 1
priority 100
track 1 interface Ten-GigabitEthernet1/5/0
track 2 interface Ten-GigabitEthernet1/6/0
node 2
bind slot 2
track 3 interface Ten-GigabitEthernet2/5/0
track 4 interface Ten-GigabitEthernet2/6/0
#
acl advanced 3525
rule 0 permit ip destination 28.28.28.100 0 user-group a-wifi
rule 15 permit ip destination 28.28.28.101 0 user-group a-wifi
#
acl advanced 3526
rule 0 permit tcp destination-port eq www user-group a-wifi
#
acl advanced 3527
rule 0 permit tcp destination-port eq 443 user-group a-wifi
#
acl advanced 3528
rule 0 permit ip user-group a-wifi
#
acl advanced 3529
rule 0 permit ip source 28.28.28.100 0 user-group a-wifi
rule 5 permit ip source 28.28.28.101 0 user-group a-wifi
#
acl advanced 3900
description acl_for_pre_dns
rule 10 permit udp destination-port eq dns
rule 20 permit tcp destination-port eq dns
#
acl advanced 3999
rule 0 deny ip destination 28.28.28.100 0
rule 5 permit ip
#
user-profile dns
qos apply policy dns inbound
#
user-profile free1
free-rule acl 3099
#
user-profile tetong
qos apply policy tetong inbound
#
radius scheme imc
primary authentication 28.28.28.100 key cipher $c$3$VZu0tiAzF7dsNLte//lIN2qiTA5tQOwPrg==
primary accounting 28.28.28.100 key cipher $c$3$sVaIfL3KQcnQth+As4Qdx6rbEmnK/QhY0w==
user-name-format without-domain
#
radius dynamic-author server
client ip 172.16.15.200 key cipher $c$3$aa50yCTQvxx6DzUQl2ePmLhY6TK1IqC7vg==
#
domain name a-wifi
nas-id domain-a-wifi
authentication ipoe none
authorization ipoe none
accounting ipoe none
#
domain name a-wifi_pre
authorization-attribute user-profile dns
authorization-attribute user-group a-wifi
authorization-attribute ip-pool a-wifi_pre
nas-id h3c/vbras:a-wifi_pre
authentication ipoe none
authorization ipoe none
accounting ipoe none
web-server url http://28.28.28.100:8080/portal
web-server ip 28.28.28.100
web-server url-parameter userip source-address
web-server url-parameter mac source-mac section 1 uppercase
web-server url-parameter oriUrl original-url
web-server url-parameter nas-id nas-id
#
domain name system
#
domain default enable a-wifi
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group a-wifi
#
user-group system
#
local-user root class manage
password hash $h$6$zR1H0VQKmsPSrlki$QB3JtZ08KMBi8Gv85yP7uFPqnoF5l
service-type ftp
service-type ssh telnet http https
authorization-attribute user-role network-admin
#
local-user ip class network
authorization-attribute user-role network-operator
#
ftp server enable
#
portal web-server A-wifi
url http://28.28.28.100:8080/portal/
#
netconf soap http enable
netconf soap https enable
#
http-redirect https-port 6000
#
return
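The configuration file above is a lab configuration, and its management plane includes VTY lines with authentication-mode none and the network-admin role, the public and private SNMP communities, and Telnet and FTP servers. The following Python check flags those settings before a configuration like this is reused; it is an added example, not an H3C tool, the finding names are hypothetical labels, and the sample is an excerpt constructed from lines of the configuration file on this page.

```python
import re

# Constructed excerpt: lines copied from the vBRAS configuration file above.
SAMPLE_CONFIG = """\
#
 telnet server enable
#
line vty 0 63
 authentication-mode none
 user-role network-admin
 user-role network-operator
 idle-timeout 0 0
#
 snmp-agent
 snmp-agent community write private
 snmp-agent community read public
 snmp-agent sys-info version all
#
 ssh server enable
#
 ftp server enable
#
"""

# (pattern, finding label) for single-line settings; labels are hypothetical.
LINE_RULES = [
    (r"^telnet server enable$", "telnet-enabled"),
    (r"^ftp server enable$", "ftp-enabled"),
    (r"^netconf soap http enable$", "netconf-over-http"),
    (r"^snmp-agent community (read|write) (public|private)$", "snmp-default-community"),
    (r"^snmp-agent sys-info version all$", "snmp-v1-v2c-enabled"),
]


def sections(text):
    """Split a Comware configuration into sections delimited by '#' lines."""
    block = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if block:
                yield block
            block = []
        elif line:
            block.append(line)
    if block:
        yield block


def audit(text):
    """Return (finding, config line) pairs for weak management-plane settings."""
    findings = []
    for block in sections(text):
        for line in block:
            for pattern, finding in LINE_RULES:
                if re.match(pattern, line):
                    findings.append((finding, line))
        if block[0].startswith("line vty"):
            if "authentication-mode none" in block:
                roles = [l.split()[-1] for l in block if l.startswith("user-role")]
                tag = "vty-no-auth-admin" if "network-admin" in roles else "vty-no-auth"
                findings.append((tag, block[0]))
            if "idle-timeout 0 0" in block:
                findings.append(("vty-no-idle-timeout", block[0]))
    return findings
```

Because the parser strips leading whitespace and relies only on the `#` separators, it also accepts a configuration whose indentation was lost when it was copied.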
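· H3C vBRAS Series Virtual Broadband Remote Access Server Configuration Guide (http://press.h3c.com/jsp/ir/fileList.do?classID=103&fileID=165210)
· H3C vBRAS Series Virtual Broadband Remote Access Server Command Reference (http://press.h3c.com/jsp/ir/fileList.do?classID=103&fileID=165210)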