19-H3C IMC UAM Preregistered Guest Authentication with an SMS Sender Configuration Examples

H3C IMC UAM

Preregistered Guest Authentication with an SMS Sender Configuration Examples

Software version: IMC UAM 7.2 (E0405)

 

Copyright © 2016 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

The information in this document is subject to change without notice.



Introduction

This document provides examples for configuring UAM to authenticate preregistered guests that obtain account passwords through SMS messages.

Prerequisites

To send SMS messages through a GSM modem, make sure a GSM modem and a SIM card are available.

An Emay SMS gateway is integrated into the IMC platform. To send SMS messages through it, provide authorization information for Emay, including the serial number, password, and key.

Example: Configuring UAM to authenticate preregistered guests through SMS messages

Network configuration

As shown in Figure 1, configure UAM to authenticate a preregistered guest that provides a mobile phone number to obtain an account password through an SMS message.

Use a wavecom Fastrack modem M1206 or an Emay SMS gateway as the SMS sender to work with GSM/GPRS networks.

 

 

NOTE:

CDMA phones are not supported.

 

Figure 1 Network diagram

 

Software versions used

This configuration example was created and verified on the following platforms:

·     IMC PLAT 7.2 (E0403P03)

·     IMC UAM 7.2 (E0405)

Configuring the SMS service

Configuring a GSM modem or SMS sender

If you are using a GSM/GPRS modem to provide SMS service, configure the modem as described in "Configuring a GSM modem." If you are using an Emay gateway, configure the gateway as described in "Configuring an SMS sender."

Configuring a GSM modem

1.     Connect the GSM modem to the IMC server. If a USB cable is used, make sure the USB to serial driver is correctly installed.

2.     View the COM port on the IMC server.

In this example, the GSM modem is connected to COM4.

3.     Configure SMSC settings.

a.     Click the System tab.

b.     Click the SMSC Settings icon located in the System Configuration area of the System page.

The SMSC Settings page opens.

c.     Select GSM Modem as the sending method, as shown in Figure 2.

Figure 2 Selecting the GSM Modem method

 

d.     In the GSM modem list, click the Modify icon next to the GSM modem named User Access Management.

The Modify SMSC page opens.

e.     Modify the SMSC settings, as shown in Figure 3.

-     Select COM4 from the Connect Using list.

-     Select 115200 from the Baudrate list.

-     Enter your country code in the Country Code field. This example uses 86.

-     Enter the SMSC number of your carrier in the SMSC Number field.

-     Enter 13800100500 for China Mobile users or 13010112500 for China Unicom users. This example uses 13010112500.

Figure 3 Modifying the SMSC parameters

 

f.     Click OK.

Configuring an SMS sender

1.     Click the System tab.

2.     Click the SMSC Settings icon located in the System Configuration area of the System page.

The SMSC Settings page opens.

3.     Select SMS Sender as the sending method, as shown in Figure 4.

Figure 4 Selecting the SMS Sender method

 

4.     If an SMS sender has not been configured before, click Register Serial Number.

The Register Serial Number page opens.

5.     Enter the serial number, password, and key provided by the SMS service provider, as shown in Figure 5.

Figure 5 Registering the SMS sender

 

6.     Click OK.

7.     Click OK on the SMSC Settings page.

Configuring an SMS notification

1.     Click the User tab.

2.     From the navigation tree, select Access User > Deliver Message.

3.     Click the SMS Notification tab.

All SMS notifications are displayed, as shown in Figure 6.

Figure 6 Viewing all SMS notifications

 

4.     Click the Modify icon for the default password notification entry.

5.     On the Modify SMS Notification page, select Selected Groups as the recipient and select the group named Ungrouped from the user group list, as shown in Figure 7.

Figure 7 Modifying the default SMS notification

 

6.     Click OK.

Configuring the SMS settings

1.     Click the User tab.

2.     From the navigation tree, select Access User > Deliver Message.

3.     Select the SMS Notification tab, and then click SMS Settings on the right of the page.

The SMS Settings page opens, as shown in Figure 8.

Figure 8 Accessing the SMS Settings page

 

4.     Select a method to obtain the phone number for receiving the SMS message.

This example uses the Phone Number and Account Name option.

5.     To permit guest registration from any mobile phone numbers, leave the Phone Number Restriction field empty. To permit guest registration from only a group of mobile phone numbers, specify a regular expression in the Phone Number Restriction field. For example, to only permit guest registration from mobile phone numbers that start with 13, 15, or 18, enter ^1[358][0-9]{9}$.

6.     Click OK.
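The following check is an added example, not part of the H3C document: it exercises the restriction expression from step 5 against constructed sample numbers before the expression is entered in UAM. The page does not say whether UAM matches the whole input or searches within it, so the `search` switch models both; `build_restriction` is a hypothetical helper that generalizes the page's pattern to any prefix list.

```python
import re

PAGE_PATTERN = r"^1[358][0-9]{9}$"  # restriction expression from step 5

# Constructed samples; the first two numbers appear elsewhere on this page.
SHOULD_ALLOW = ["18519108906", "13146279922", "15000000000"]
SHOULD_DENY = [
    "17000000000",     # prefix 17 is not in the permitted set
    "1851910890",      # 10 digits
    "185191089066",    # 12 digits
    "+8618519108906",  # country code prepended
]


def evaluate(pattern, allow=SHOULD_ALLOW, deny=SHOULD_DENY, search=False):
    """Return the samples the pattern gets wrong.

    search=False models whole-input matching; search=True models an engine
    that accepts the input if the pattern occurs anywhere inside it.
    """
    matcher = re.search if search else re.fullmatch
    wrong = [("blocked", n) for n in allow if matcher(pattern, n) is None]
    wrong += [("admitted", n) for n in deny if matcher(pattern, n) is not None]
    return wrong


def build_restriction(prefixes, total_digits):
    """Build an anchored expression for numbers of total_digits digits
    that start with one of the given equal-length prefixes."""
    if not prefixes or not all(p.isascii() and p.isdigit() for p in prefixes):
        raise ValueError("prefixes must be non-empty ASCII digit strings")
    plen = len(prefixes[0])
    if any(len(p) != plen for p in prefixes) or plen >= total_digits:
        raise ValueError("prefixes must share one length below total_digits")
    alternatives = "|".join(sorted(set(prefixes)))
    return f"^({alternatives})[0-9]{{{total_digits - plen}}}$"


if __name__ == "__main__":
    for label, pattern in [("page pattern", PAGE_PATTERN),
                           ("anchors dropped", "1[358][0-9]{9}"),
                           ("built", build_restriction(["13", "15", "18"], 11))]:
        for mode in (False, True):
            print(label, "search" if mode else "fullmatch",
                  evaluate(pattern, search=mode))
```

With the anchors dropped, a searching engine admits the 12-digit and country-code samples, which is why the `^` and `$` in the page's expression should be kept.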

Configuring user authentication services

Configuring an access device

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Access Device Management > Access Device.

3.     On the access device list, click Add.

The Add Access Device page opens.

4.     Configure the access device parameters, as shown in Figure 9.

a.     In the Access Configuration area, enter expert in the Shared Key and Confirm Shared Key fields, and use the default values for other parameters.

b.     In the Device List area, click Add Manually to add the device with IP address 192.168.40.168 to the list. (Details not shown.)

Figure 9 Adding an access device

 

5.     Click OK.

Configuring an access policy

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Access Policy.

3.     On the access policy list, click Add.

4.     The Add Access Policy page opens, as shown in Figure 10.

Figure 10 Adding an access policy

 

5.     Enter Guest Access Policy in the Access Policy Name field and use the default values for other parameters.

6.     Click OK.

Configuring an access service

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Access Service.

3.     On the access service list, click Add.

The Add Access Service page opens.

4.     Configure basic information for the access service, as shown in Figure 11:

a.     Enter Guest Access Service in the Service Name field.

b.     Select Guest Access Policy from the Default Access Policy list.

c.     Select the Transparent Authentication option.

d.     Use the default values for other parameters.

Figure 11 Adding an access service

 

5.     Click OK.

Configuring an access user

1.     Click the User tab.

2.     From the navigation tree, select Access User > All Access Users.

The All Access Users page opens, as shown in Figure 12.

Figure 12 Accessing the All Access Users page

 

3.     On the access user list, click Add.

The Add Access User page opens.

4.     In the User Name field, click Select to select an existing user account from the IMC platform, or click Add User to add a new IMC platform user.

This example uses the Add User option.

Configure the access user parameters, as shown in Figure 13.

a.     Enter x10939 in the User Name field.

b.     Enter 1497 in the Identity Number field.

c.     Enter 18519108906 in the Telephone field.

d.     Use the default values for other parameters.

e.     Click OK.

The Add User page closes.

Figure 13 Adding a new IMC platform user

 

5.     On the Add Access User page, configure the access user parameters, as shown in Figure 14:

a.     Enter x10939 in the Account Name field.

b.     Enter x10939 in the Password and Confirm Password fields.

c.     Select the service named Guest Access Service in the Access Service area.

d.     Use the default values for other parameters.

Figure 14 Configuring an access user

 

6.     Click OK.

Verifying SMS service configuration

1.     Access the All Access Users page.

2.     Select the access user named x10939, click More, and select Send Password SMS Message Notifications from the shortcut menu, as shown in Figure 15:

Figure 15 Sending password SMS message notifications

 

If the access user with phone number 18519108906 receives an SMS message containing the account name and password, the SMS service is configured correctly.

Configuring transparent portal authentication

Adding an IP group

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Portal Service > IP Group.

3.     On the IP group list, click Add.

The Add IP Group page opens.

4.     Configure the IP group parameters, as shown in Figure 16:

a.     Enter SMS in the IP Group Name field.

b.     Enter 192.168.70.1 in the Start IP field.

c.     Enter 192.168.70.100 in the End IP field.

d.     Use the default values for other parameters.

Figure 16 Adding an IP group

 

5.     Click OK.

Adding a portal device

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Portal Service > Device.

3.     On the portal device list, click Add.

The Add Device page opens.

4.     Configure the portal device parameters, as shown in Figure 17:

a.     Enter SMS in the Device Name field.

b.     Enter 192.168.70.1 in the IP Address field.

c.     Enter portal in the Key and Confirm Key fields.

d.     Select Directly Connected from the Access Method list.

e.     Use the default values for other parameters.

Figure 17 Adding a portal device

 

5.     Click OK.

Adding a port group

1.     On the portal device list, click the Port Group icon in the Operation column for device SMS.

The Configure Port Group page opens.

2.     On the port group list, click Add.

The Add Port Group page opens.

3.     Configure the port group parameters, as shown in Figure 18:

a.     Enter Portal_port in the Port Group Name field.

b.     Select SMS from the IP Group list.

c.     Select Supported from the Transparent Authentication list.

d.     Select PC – SMS Message Registration and Authentication (PC) from the Default Authentication Page list.

e.     Use the default values for other parameters.

Figure 18 Configuring a port group

 

4.     Click OK.

Configuring user endpoint settings

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Service Parameters > System Settings.

3.     Click the Configure icon for User Endpoint Settings.

4.     Configure user endpoint settings, as shown in Figure 19:

a.     Select Enable from the Transparent Authentication list.

b.     To enable user transparent authentication on non-smart endpoints (for example, PCs), select Permit from the Non-Smart Device Transparent Portal AuthN list.

c.     Use the default values for other parameters.

Figure 19 Configuring user endpoint settings

 

5.     Click OK.

Configuring the endpoint aging policy parameters

1.     Click the User tab.

2.     From the navigation tree, select User Access Policy > Service Parameters > System Settings.

3.     Click the Configure icon for Endpoint Aging Policy.

The Endpoint Aging Policies page opens, as shown in Figure 20.

Figure 20 Accessing the Endpoint Aging Policies page

 

4.     Click the Modify icon for the default endpoint aging policy.

5.     On the Modify Endpoint Aging Policy page, enter 3 in the Endpoint Aging Time field, as shown in Figure 21.

Figure 21 Modifying the endpoint aging time

 

6.     Click OK.

Managing guest services

Configuring guest service parameters

1.     Click the User tab.

2.     From the navigation tree, select Guest > Guest Parameters.

The Guest Parameters page opens.

3.     Select Enable from the Guest Preregistration list, and use the default values for other parameters, as shown in Figure 22.

Figure 22 Enabling guest preregistration

 

4.     Click OK.

Adding a guest manager

1.     Click the User tab.

2.     From the navigation tree, select Guest > Guest Manager.

The Guest Manager page opens.

3.     Click Add.

The Add Guest Manager page opens.

4.     Configure the guest manager parameters, as shown in Figure 23:

a.     Enter 14 in the Maximum validity period of managed guests field.

b.     Click Select, and then select access user x10939 on the Select Access User page that opens.

c.     Use the default values for other parameters.

Figure 23 Adding a guest manager

 

5.     Click OK.

 

 

NOTE:

In addition to the Maximum validity period of managed guests parameter, the validity period of the managed guests is also affected by the Default validity period of guests parameter of the guest policy assigned to them. If the two parameters use different values, the parameter with the smaller value applies to the guests.

 

Specifying the default guest manager

When guest auto-registration is enabled, UAM automatically uses the default guest manager to manage all guest accounts that are automatically registered.

On the guest manager list, click No in the Default Guest Manager column next to guest manager x10939 to configure it as the default guest manager, as shown in Figure 24.

Figure 24 Specifying the default guest manager

 

 

NOTE:

The Default Guest Manager column is displayed only if guest auto-registration is enabled. The column does not change immediately after the guest auto-registration setting is modified. To view the latest guest manager list, log out and back in to IMC.

 

Adding a guest service

A guest service is dedicated to guests. You can configure existing services in UAM as guest services without adding new guest services.

To add a guest service:

1.     Click the User tab.

2.     From the navigation tree, select Guest > Guest Service.

3.     On the guest service list, click Add.

4.     Select service Guest Access Service as the guest service, as shown in Figure 25.

Figure 25 Specifying a guest service

 

5.     Click OK.

Specifying the default guest service

When guest auto-registration is enabled, configure a default guest service to be assigned to the guest accounts that are automatically registered.

On the guest service list, click No in the Default Guest Service column for guest service Guest Access Service to configure it as the default guest service, as shown in Figure 26.

Figure 26 Specifying the default guest service

 

 

NOTE:

The Default Guest Service column is displayed only if guest auto-registration is enabled in guest parameters.

 

Specifying the default guest policy

1.     Click the User tab.

2.     From the navigation tree, select Guest > Guest Policy.

3.     In the guest policy list, click the Modify icon for the default guest policy.

The Guest Parameters Settings page opens.

4.     Configure the default guest policy parameters, as shown in Figure 27:

a.     Select Enable from the Guest Auto-Registration list.

b.     Select SMS Message from the Send Guest Password by list.

Figure 27 Modifying the default guest policy

 

5.     Click OK.

Configuring the router

1.     Configure a RADIUS scheme:

# Create a RADIUS scheme named rs1.

<VSR> system-view

[VSR] radius scheme rs1

# Configure UAM as the primary RADIUS authentication and accounting server.

[VSR-radius-rs1] primary authentication 192.168.40.239

[VSR-radius-rs1] primary accounting 192.168.40.239

# Set the shared key to expert to secure RADIUS authentication and accounting communication. The key must match the shared key configured for the access device in UAM.

[VSR-radius-rs1] key authentication simple expert

[VSR-radius-rs1] key accounting simple expert

# Configure the router to exclude domain information from the user names sent to the RADIUS server.

[VSR-radius-rs1] user-name-format without-domain

[VSR-radius-rs1] quit

# Enable the RADIUS session-control feature.

[VSR] radius session-control enable

2.     Configure an ISP domain:

# Create an ISP domain named dm1.

[VSR] domain dm1

# Configure the router to use the RADIUS scheme rs1 for access users.

[VSR-isp-dm1] authentication portal radius-scheme rs1

[VSR-isp-dm1] authorization portal radius-scheme rs1

[VSR-isp-dm1] accounting portal radius-scheme rs1

[VSR-isp-dm1] quit

# Configure the domain dm1 as the default ISP domain.

[VSR] domain default enable dm1

3.     Configure portal authentication:

# Configure UAM as a portal server named newpt. Configure the key for portal communication and the listening port number.

[VSR] portal server newpt

[VSR-portal-server-newpt] ip 192.168.40.239 key simple portal

[VSR-portal-server-newpt] port 50100

[VSR-portal-server-newpt] quit

# Specify the redirection URL for the portal Web server.

[VSR] portal web-server newpt

[VSR-portal-websvr-newpt] url http://192.168.40.239:8080/portal

[VSR-portal-websvr-newpt] quit

# Enable direct portal authentication on GigabitEthernet 1/0/2.

[VSR] interface gigabitethernet 1/0/2

[VSR-GigabitEthernet1/0/2] portal enable method direct

# Specify the portal Web server newpt on GigabitEthernet 1/0/2 for portal authentication.

[VSR-GigabitEthernet1/0/2] portal apply web-server newpt

# Configure the BAS-IP attribute as 192.168.70.1 for portal packets sent to the portal authentication server.

[VSR-GigabitEthernet1/0/2] portal bas-ip 192.168.70.1

[VSR-GigabitEthernet1/0/2] quit

4.     Configure MAC-based quick portal authentication:

# Create the MAC binding server mts.

[VSR] portal mac-trigger-server mts

# Set the free-traffic threshold for portal users to 1024000 bytes.

[VSR-portal-mac-trigger-server-mts] free-traffic threshold 1024000

# Specify the IP address of the MAC binding server as 192.168.40.239.

[VSR-portal-mac-trigger-server-mts] ip 192.168.40.239

[VSR-portal-mac-trigger-server-mts] quit

# Specify the MAC binding server mts on GigabitEthernet 1/0/2.

[VSR] interface gigabitethernet 1/0/2

[VSR-GigabitEthernet1/0/2] portal apply mac-trigger-server mts

[VSR-GigabitEthernet1/0/2] quit
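The router and UAM only interoperate when the RADIUS shared key, the portal key, and the BAS-IP/portal device address agree on both sides. The following audit is an added example, not part of the H3C document: it parses the router commands shown above, compares them with the values this page enters in UAM, and also reports short keys and an http portal URL. The 16-character threshold and all function names are assumptions chosen for illustration.

```python
import re

# Router commands copied from the "Configuring the router" steps on this page.
ROUTER_CONFIG = """\
radius scheme rs1
 key authentication simple expert
 key accounting simple expert
portal server newpt
 ip 192.168.40.239 key simple portal
portal web-server newpt
 url http://192.168.40.239:8080/portal
interface gigabitethernet 1/0/2
 portal bas-ip 192.168.70.1
"""

# Values entered in UAM in this example (access device and portal device).
UAM = {"radius_key": "expert", "portal_key": "portal",
       "portal_device_ip": "192.168.70.1"}

MIN_KEY_LEN = 16  # assumed local policy threshold, not a value from the page

PATTERNS = {  # setting name -> regex with one capture group
    "radius_auth_key": r"key authentication simple (\S+)$",
    "radius_acct_key": r"key accounting simple (\S+)$",
    "portal_key": r"ip \S+ key simple (\S+)$",
    "bas_ip": r"portal bas-ip (\S+)$",
    "url": r"url (\S+)$",
}


def parse_router(text):
    """Return the settings that have to line up with UAM (None if absent)."""
    found = dict.fromkeys(PATTERNS)
    for line in text.splitlines():
        for name, pattern in PATTERNS.items():
            m = re.match(pattern, line.strip())
            if m:
                found[name] = m.group(1)
    return found


def audit(router_text, uam=UAM, min_key_len=MIN_KEY_LEN):
    """Compare router settings with UAM and list mismatches and weak values."""
    r, out = parse_router(router_text), []
    expected = {"radius_auth_key": uam["radius_key"],
                "radius_acct_key": uam["radius_key"],
                "portal_key": uam["portal_key"],
                "bas_ip": uam["portal_device_ip"]}
    for name, want in expected.items():
        if r[name] != want:  # also fires when the command is missing
            out.append(f"MISMATCH {name}: router and UAM values differ")
    for name in ("radius_auth_key", "radius_acct_key", "portal_key"):
        if r[name] and len(r[name]) < min_key_len:
            out.append(f"WEAK {name}: {len(r[name])} characters")
    if r["url"] and r["url"].startswith("http://"):
        out.append("CLEARTEXT url: portal pages are served over http")
    return out


if __name__ == "__main__":
    print("\n".join(audit(ROUTER_CONFIG)) or "no findings")
```

Run against the page's own commands, the audit reports no mismatches but flags the three six-character example keys and the http URL, which are the values to replace when this example is adapted for production.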

Verifying the configuration

Triggering portal authentication through a Web browser

1.     Enter the URL of the portal Web server in a Web browser, enter the guest phone number in the Account field, and click Get Password, as shown in Figure 28.

Figure 28 Entering the account and obtaining the password

 

2.     Enter the verification code and click Get, as shown in Figure 29.

Figure 29 Entering the verification code and obtaining the password

 

3.     In the Password field, enter the password that is received by the mobile phone in a text message, and click Log In, as shown in Figure 30.

Figure 30 Initiating portal authentication

 

4.     Verify that the guest is successfully logged in, as shown in Figure 31.

Figure 31 Viewing the login result

 

Viewing the online user in UAM

1.     Click the User tab.

2.     From the navigation tree, select Access User > Online Users.

3.     Click the Local tab.

4.     Verify that user 13146279922 has been added to the local online user list, as shown in Figure 32.

Figure 32 Viewing the online user

 

Viewing the guest list

1.     Click the User tab.

2.     From the navigation tree, select Guest Management > All Guests.

3.     Verify that guest 13146279922 has been added to the guest list, as shown in Figure 33.

Figure 33 Viewing the guest

 
