AC Typical Networking and Configuration

Uploaded by: 沙** | Document ID: 243135407 | Uploaded: 2024-09-16 | Format: PPTX | Pages: 70 | Size: 941.92KB
Slide date: 2011-2-14

Contents

- WEB+DHCP authentication flow
- Typical networking
- Typical Layer 2/3 tunnel scenarios and configuration
- N+1 networking and configuration
- Dual-portal and dual-RADIUS networking and configuration

WEB+DHCP authentication flow

WEB authentication

WEB-based authentication uses the AC/SC as the access authentication point for WLAN users. The components involved are:

- WLAN user terminal: must have an 802.11b wireless NIC and a WEB browser installed.
- WLAN access point (AP): provides wireless access for WLAN users.
- WLAN service access authentication point and service control point (AC/SC): the AC checks whether a connected user has already passed user authentication, and works with the back-end WLAN WEB authentication server to authenticate WLAN users. The SC performs service control during WLAN access, including forced portal.
- Portal server: pushes the authentication page and the portal site to WLAN users.
- RADIUS user authentication server: performs the WEB-based user authentication.

User login flow

1. The user obtains a planned IP address through the AC using standard DHCP.
2. The user opens IE and visits a website, issuing an HTTP request.
3. The AC intercepts the user's HTTP request. Because the user has not been authenticated, the AC forces a redirect to the Portal server and adds the relevant parameters to the forced-Portal URL.
4. The Portal server pushes the WEB authentication page to the WLAN user terminal.
5. The user enters the user name, password and other information on the authentication page and submits it to the Portal server.
6. The Portal server receives the user information and sends a user information query request to RADIUS.
7. RADIUS verifies the user's password, looks up the user information, and returns to the Portal the query result together with the system-configured maximum duration of a single connection (SessionTimeout) and the remaining plan time for mobile-phone users and card users (AvailableTime).
8. If the query succeeds, the Portal server requests a Challenge from the AC following the CHAP procedure. If the query fails, the Portal returns a message directly to the user and the flow ends here.
9. The AC returns the Challenge, consisting of a Challenge ID and a Challenge.
10. The Portal runs MD5 over the password, the Challenge ID and the Challenge to produce the Challenge-Password, and submits it together with the account to the AC to start authentication.
11. The AC sends the Challenge ID, Challenge, Challenge-Password, Called-Station-ID and account to the central RADIUS user authentication server, which performs the authentication.
12. The central RADIUS server decides from the user information whether the user is legitimate (for in-province prepaid-card users it also checks whether the access location matches the home location). RADIUS checks the user's password twice, once as a static password and once as a dynamic password. If either check succeeds, RADIUS returns an authentication-success message to the AC, carrying the protocol parameters and the user's service attributes to authorize the user. If both fail, RADIUS returns an authentication-failure message to the AC.
13. The AC returns the authentication result (and the relevant service attributes) to the Portal server.
14. The Portal server pushes the authentication result page according to the result. On success, it determines the account's home location from the encoding rules, pushes the personalized page customized for that home location, fills the authentication result, the system-configured maximum duration of a single connection, the remaining plan time and the self-service options into the page, pushes it to the customer together with the portal site, and starts the count-up reminder. On failure, the page tells the user the reason.
15. The Portal server acknowledges to the AC that it received the authentication result message. If authentication failed, the flow ends here.
16. If authentication succeeded, the AC sends an accounting-start request to the central RADIUS user authentication server.
17. The central RADIUS replies with an accounting-start response and returns the response information to the AC. The user is now online and can start using the network.
18. While the user is online, to protect the user's accounting information, the AC periodically reports real-time accounting information to the central RADIUS user authentication server, including the user's total online time and total traffic.
19. The central RADIUS accounting server replies to the AC with a real-time accounting acknowledgment.
20. When the AC receives a logoff request, it sends an accounting-stop message to the RADIUS user authentication server.
21. The central RADIUS accounting server responds to the AC's accounting-stop message.

WEB user logoff flow

The WEB user logoff flow covers two cases: user-initiated logoff and abnormal logoff. Abnormal logoff means the AC detects that the user has gone offline.

User-initiated logoff: when the user wants to log off, the user clicks the logoff control on the authentication result page, which sends a logoff request to the Portal server.

1. The Portal server sends a logoff request to the AC.
2. The AC returns the logoff result to the Portal server.
3. The Portal server pushes a page with the corresponding information to the user, according to the logoff result.
4. When the AC receives the logoff request, it sends an accounting-stop message to the RADIUS user authentication server.
5. The RADIUS user authentication server responds to the AC's accounting-stop message.

Abnormal logoff:

1. The AC detects that the user has gone offline and sends a logoff request to the Portal server.
2. The Portal server replies that the logoff succeeded.
3. When the AC receives the logoff request, it sends an accounting-stop message to the accounting server.
4. The accounting server responds to the AC's accounting-stop message.

Layer 2/3 tunnel application scenarios and configuration

1. Local forwarding
   - AC used as wireless controller + BRAS (usually deployed inline)
   - AC used only as wireless controller (usually side-attached)
2. Centralized forwarding
   - Layer 3 tunnel (inline or side-attached)
   - Layer 2 tunnel (usually side-attached)

Topology figures: local forwarding (AC+BRAS); local forwarding (AC); centralized forwarding (Layer 3 tunnel, inline); centralized forwarding (Layer 3 tunnel, side-attached).

Local forwarding

    Login:bnas
    Password:bnas
    Bnas>ena
    Password:super
    Bnas#config ter
    Bnas(config)# interface FastEthernet 1/21.0
    Bnas(config)# ip address 10.1.1.1 255.255.255.0
    Bnas(config)# exit

    Bnas(config)# ip dhcp server 10.1.1.1
    Bnas(config)# ip-pool ap
    Bnas(ip-pool)# ipaddress 80.1.1.1 255.255.255.0
    Bnas(ip-pool)# alloc-mode localdhcp
    Bnas(ip-pool)# default-route 80.1.1.1
    Bnas(ip-pool)# option-60 ac-manage-ip 10.1.1.3
    Bnas(ip-pool)# option-60 enterprise-code 8458
    Bnas(ip-pool)# option-43 ip-list 10.1.1.3
    Bnas(ip-pool)# available-interface port 3
    Bnas(ip-pool)# exit

    Bnas(config)# ip-pool sta
    Bnas(ip-pool)# ipaddress 90.1.1.1 255.255.255.0
    Bnas(ip-pool)# alloc-mode localdhcp
    Bnas(ip-pool)# default-route 90.1.1.1
    Bnas(ip-pool)# available-interface port 3
    Bnas(ip-pool)# end all

Layer 3 tunnel

    Bnas(config)# system mode fit-ap
    Bnas(config)# ip dhcp server 10.1.1.1
    Bnas(config)# ip dhcp active
    Bnas(config)# hostname AC
    Bnas(config)# system data-tunnel layer3
    Bnas(config)# wireless data-sync enable
    Bnas(config)# wireless local-tunnel-ip 10.1.1.1
    Bnas(config)# wireless ap-tunnel-port 5248
    Bnas(config)# portalserver 10.1.1.1
    Bnas(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 53

    Bnas(config)# rule portalserver permit ip 0.0.0.0 0.0.0.0 10.1.1.1 255.255.255.255
    Bnas(config)# rule radiusserver permit ip 0.0.0.0 0.0.0.0 172.16.0.3 255.255.255.255
    Bnas(config)# wlan enable
    Bnas(config)# interface FastEthernet 1/21.0
    Bnas(config-if)# ip address 10.1.1.1 255.255.255.0
    Bnas(config)# interface FastEthernet 1/4.0
    Bnas(config-if)# ip address 172.16.0.2 255.255.255.0
    Bnas(config)# interface FastEthernet 1/3.0

    Bnas(config)# radius-client
      ipaddress 172.16.0.2
      cache-interval 0
      auth-port 1812
      account-port 1813
      radius-server 172.16.0.3 authentication
      key 88-89
      udp-port 1812
      radius-server 172.16.0.3 accounting
      key 88-89
      udp-port 1813

    Bnas(config)# domain default
      aaa authentication radius
      aaa accounting radius
      radius server 172.16.0.3 authentication
      radius server 172.16.0.3 accounting
    Bnas(config)# filter-policy web
      filter-rule portalserver
      filter-rule radiusserver
      filter-rule dns
    Bnas(config)# service-policy web
      filter-policy web

    Bnas(config)# ip-pool STA
      ipaddress 50.1.1.1 255.255.255.0
      alloc-mode localdhcp
      default-router 50.1.1.1
      max-lease 300
      available-interface port 0-7
      dns-server 202.106.196.115 202.106.0.20
      service-policy web

    Bnas(config)# ip-pool WTP
      ipaddress 60.1.1.1 255.255.255.0
      alloc-mode localdhcp
      default-router 60.1.1.1
      option-43 ip-list 10.1.1.3
      option-60 enterprise-code 8458
      option-60 ac-manage-ip 10.1.1.3
      available-interface port 0-7
      max-lease 60
    Bnas(config)# ip route 0.0.0.0 0.0.0.0 172.16.0.3

Layer 2 tunnel

    Bnas(config)# ip dhcp server 10.1.1.1
    Bnas(config)# ip dhcp active
    Bnas(config)# hostname AC
    Bnas(config)# system mode fit-ap
    Bnas(config)# system data-tunnel layer2
    Bnas(config)# igmp-proxy turn on
    Bnas(config)# wireless data-sync enable
    Bnas(config)# wireless local-tunnel-ip 10.1.1.1
    Bnas(config)# wireless ap-tunnel-port 5248

    Bnas(config)# interface FastEthernet 1/21.0
      ip address 10.1.1.1 255.255.255.0
    Bnas(config)# interface FastEthernet 1/5.0
      ip address 192.168.11.1 255.255.255.248
      port-trunk
    Bnas(config)# interface FastEthernet 1/4.0
      port-access

    Bnas(config)# ip-pool WTP
      ipaddress 60.1.1.1 255.255.255.0
      alloc-mode localdhcp
      default-router 60.1.1.1
      option-43 ip-list 10.1.1.3
      option-60 enterprise-code 8458
      option-60 ac-manage-ip 10.1.1.3
      available-interface port 0-7
      max-lease 60

N+1 scenario and configuration

AC1 configuration

    config terminal
    hostname master10
    ip dhcp server 1.0.0.1
    rule rule-dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
    rule rule-portal permit ip 0.0.0.0 0.0.0.0 192.168.2.21 255.255.255.255
    ip nat router
    portalserver 192.168.2.21
    hotstandby preempt-mode enable
    hotstandby priority 100

    ip nat pool out22 192.168.2.4 255.255.255.255
    ip nat pool in1 101.0.0.1 255.255.255.0
    ip nat inside in1 out22 overload
    hotstandby access-port 8
    hotstandby track-port 8
    hotstandby track-port 19
    hotstandby track-port 0

    interface FastEthernet 1/19.0
    ip address 20.0.0.20 255.255.255.0
    standby peerip 20.0.0.21 group-id 10
    interface FastEthernet 1/0.0
    ip address 192.168.2.40 255.255.255.0
    standby vrip 192.168.2.4 group-id 10
    ip nat outside
    interface FastEthernet 1/2.0
    ip address 1.0.0.1 255.255.255.0
    interface FastEthernet 1/21.0
    ip address 10.1.1.4 255.255.255.0

    radius-client
    cache-interval 0
    ipaddress 192.168.2.4
    radius-server 192.168.3.249 authentication
    key bgate
    udp-port 1645
    radius-server 192.168.3.249 accounting
    key bgate
    udp-port 1646

    filter-policy port-dns
    filter-rule rule-dns
    filter-rule rule-portal
    domain group10
    aaa authentication radius
    aaa accounting radius
    radius server 192.168.3.249 authentication
    radius server 192.168.3.249 accounting

    ip-pool ap_group10
    ipaddress 100.0.0.1 255.255.255.0
    alloc-mode localdhcp
    max-lease 300
    default-router 100.0.0.1
    option-60 enterprise-code 1234
    available-interface port 3

    ip-pool dhcp_group10
    ipaddress 101.0.0.1 255.255.255.0
    alloc-mode localdhcp
    dns-server 221.4.8.1
    default-router 101.0.0.1
    max-lease 180
    filter-policy port-dns
    available-interface port 8
    available-interface port 1
    available-interface port 3
    available-interface port 4
    ip route 0.0.0.0 0.0.0.0 192.168.2.1

AC2 configuration

    config terminal
    hostname master11
    ip dhcp server 1.0.0.1
    rule rule-dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
    ip nat router
    ip nat pool out 192.168.2.6 255.255.255.255
    ip nat pool in 103.0.0.1 255.255.255.0
    rule rule-portal permit ip 0.0.0.0 0.0.0.0 192.168.2.21 255.255.255.255
    portalserver 192.168.2.21

    hotstandby preempt-mode enable
    hotstandby access-port 9
    ip nat inside in out overload
    hotstandby priority 100
    hotstandby track-port 9
    hotstandby track-port 0
    hotstandby track-port 21

    interface FastEthernet 1/21.0
    ip address 21.0.0.21 255.255.255.0
    standby peerip 21.0.0.22 group-id 11
    interface FastEthernet 1/0.0
    ip address 192.168.2.60 255.255.255.0
    standby vrip 192.168.2.6 group-id 11
    ip nat outside
    interface FastEthernet 1/2.0
    ip address 1.0.0.1 255.255.255.0

    radius-client
    cache-interval 0
    ipaddress 192.168.2.6
    radius-server 192.168.3.249 authentication
    key bgate
    udp-port 1645
    radius-server 192.168.3.249 accounting
    key bgate
    udp-port 1646

    filter-policy port-dns
    filter-rule rule-dns
    filter-rule rule-portal
    domain default
    domain group11
    radius server 192.168.3.249 authentication
    radius server 192.168.3.249 accounting
    aaa authentication radius
    aaa accounting radius

    ip-pool ap_group11
    ipaddress 102.0.0.1 255.255.255.0
    alloc-mode localdhcp
    max-lease 300
    default-router 102.0.0.1
    available-interface port 9
    option-60 enterprise-code 1234

    ip-pool dhcp_group11
    ipaddress 103.0.0.1 255.255.255.0
    alloc-mode localdhcp
    dns-server 221.4.8.1
    default-router 103.0.0.1
    max-lease 180
    filter-policy port-dns
    available-interface port 9
    ip route 0.0.0.0 0.0.0.0 192.168.2.1

AC3 configuration

    hostname standby
    ip dhcp server 1.0.0.1
    portalserver 192.168.2.21
    rule rule-dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
    rule rule-portal permit ip 0.0.0.0 0.0.0.0 192.168.2.21 255.255.255.255
    ip nat router
    ip nat pool out 192.168.2.6 255.255.255.255
    ip nat pool in 103.0.0.1 255.255.255.0
    ip nat pool out22 192.168.2.4 255.255.255.255

    hotstandby access-port 8-10
    ip nat pool in1 101.0.0.1 255.255.255.0
    ip nat inside in out overload
    ip nat inside in1 out22 overload
    hotstandby preempt-mode enable
    hotstandby track-port 8
    hotstandby track-port 9
    hotstandby track-port 0
    hotstandby track-port 20
    hotstandby track-port 21

    interface FastEthernet 1/2.0
    ip address 1.0.0.1 255.255.255.0
    interface FastEthernet 1/21.0
    ip address 21.0.0.22 255.255.255.0
    standby peerip 21.0.0.21 group-id 11
    interface FastEthernet 1/20.0
    ip address 20.0.0.21 255.255.255.0
    standby peerip 20.0.0.20 group-id 10
    interface FastEthernet 1/0.0
    ip address 192.168.2.80 255.255.255.0
    standby vrip 192.168.2.6 group-id 11
    standby vrip 192.168.2.4 group-id 10
    ip nat outside

    radius-client
    cache-interval 0
    ipaddress 192.168.2.6
    radius-server 192.168.3.249 authentication
    key bgate
    udp-port 1645
    radius-server 192.168.3.249 accounting
    key bgate
    udp-port 1646

    filter-policy port-dns
    filter-rule rule-dns
    filter-rule rule-portal
    domain group11
    aaa authentication radius
    aaa accounting radius
    radius server 192.168.3.249 authentication
    radius server 192.168.3.249 accounting

    domain group10
    aaa authentication radius
    aaa accounting radius
    radius server 192.168.3.249 authentication
    radius server 192.168.3.249 accounting

    ip-pool ap_group11
    ipaddress 102.0.0.1 255.255.255.0
    alloc-mode localdhcp
    max-lease 300
    default-router 102.0.0.1
    available-interface port 9
    option-60 enterprise-code 1234
    vrrp-group-id 11

    ip-pool dhcp_group11
    ipaddress 103.0.0.1 255.255.255.0
    alloc-mode localdhcp
    dns-server 221.4.8.1
    default-router 103.0.0.1
    max-lease 180
    filter-policy port-dns
    available-interface port 9
    vrrp-group-id 11

    ip-pool ap_group10
    ipaddress 100.0.0.1 255.255.255.0
    alloc-mode localdhcp
    max-lease 300
    default-router 100.0.0.1
    available-interface port 8
    option-60 enterprise-code 1234
    vrrp-group-id 10

    ip-pool dhcp_group10
    ipaddress 101.0.0.1 255.255.255.0
    alloc-mode localdhcp
    default-router 101.0.0.1
    dns-server 221.4.8.1
    max-lease 180
    available-interface port 8
    filter-policy port-dns
    vrrp-group-id 10
    available-interface port 1
    available-interface port 3
    available-interface port 4
    ip route 0.0.0.0 0.0.0.0 192.168.2.1

Dual-portal and dual-RADIUS networking and configuration

    config terminal
    hostname ZZ-SYDAC7000-XDL-Active
    ip dhcp active
    ip dhcp server 211.142.237.137
    ip nat router
    ip nat static inside 192.168.100.2 211.142.237.141 255.255.255.255
    hotstandby priority 150
    hotstandby access-port 1
    hotstandby track-port 1
    hotstandby track-port 0

    wlan disable
    Front-Port-Serdes port 3
    ex-portal ac-name 4001.0731.731.00
    portalserver 211.142.211.10 external url-head http:/211.142.211.10
    wapi enable
    web redirect-delay 0
    portal-secure-off
    nas-identifier 4014.0731.731.00.460

    rule portal permit ip 0.0.0.0 0.0.0.0 211.142.211.10 255.255.255.255
    rule dns1 permit ip 0.0.0.0 0.0.0.0 211.136.17.108 255.255.255.255
    rule dns2 permit ip 0.0.0.0 0.0.0.0 211.142.236.87 255.255.255.255
    portal-bind-type domain                - use the portal URL from the domain; bind to the domain, whose name must be configured as the SSID
    wireless ssid-match-domain enable      - different SSIDs use different RADIUS servers

    interface GigabitEthernet 1/1.0
    duplex full
    description link-xiaxing
    interface GigabitEthernet 1/2.0
    duplex full
    ip address 192.168.100.1 255.255.255.0
    interface GigabitEthernet 1/3.0
    ip address 192.168.150.1 255.255.255.0
    standby peerip 192.168.150.2 group-id 10
    duplex full

    interface FastEthernet 0/0
    ip address 192.168.3.1 255.255.255.0
    interface GigabitEthernet 1/0.0
    ip address 211.142.237.137 255.255.255.248
    standby vrip 211.142.237.139 group-id 10
    ip nat outside
    duplex full
    description Link-shangxing

    radius-client
    ipaddress 211.142.237.139
    cache-interval 0
    radius-server 211.142.211.7 authentication
    key hnydtest
    radius-server 211.142.211.7 accounting
    key hnydtest
    radius-server 211.142.211.8 authentication
    key hnydtest
    radius-server 211.142.211.8 accounting

    domain 123                             - an existing SSID
    portal-url http:/211.142.211.253/wlan/index.php
    radius server 211.142.211.7 authentication
    radius server 211.142.211.7 accounting
    domain 456                             - an existing SSID
    portal-url http:/211.142.211.254/portal
    radius server 211.142.211.8 authentication
    radius server 211.142.211.8 accounting
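The CHAP exchange in steps 8 to 12 of the login flow, as an added example that is not part of the original slides: the Portal computes the Challenge-Password, the RADIUS side recomputes and compares it, and the AC accepts each Challenge only once. The field order inside the MD5 follows RFC 1994 (the slides do not state it); the class and function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """Step 10 (Portal): MD5 over Challenge ID, password and Challenge.
    Field order is the RFC 1994 one, assumed here."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def radius_check(chap_id: int, challenge: bytes, response: bytes,
                 stored_password: bytes) -> bool:
    """Step 12 (RADIUS): recompute from the stored password, compare in constant time."""
    expected = chap_password(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)


class AccessController:
    """Steps 8-11 on the AC: hand out challenges and accept each one once."""

    def __init__(self):
        self._pending = {}  # Challenge ID -> Challenge still waiting for a response

    def issue_challenge(self):
        chap_id = os.urandom(1)[0]
        challenge = os.urandom(16)
        self._pending[chap_id] = challenge
        return chap_id, challenge

    def authenticate(self, chap_id: int, response: bytes, stored_password: bytes) -> bool:
        # pop() consumes the challenge, so a captured response cannot be replayed.
        # In the real flow the AC forwards the values to RADIUS, which holds the password.
        challenge = self._pending.pop(chap_id, None)
        if challenge is None:
            return False
        return radius_check(chap_id, challenge, response, stored_password)


def demo():
    ac = AccessController()
    password = b"constructed-password"  # constructed sample value
    chap_id, challenge = ac.issue_challenge()
    response = chap_password(chap_id, password, challenge)
    first = ac.authenticate(chap_id, response, password)   # fresh challenge
    replay = ac.authenticate(chap_id, response, password)  # same response sent again
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Because the verifier has to recompute the MD5, the RADIUS server must hold the password in a recoverable form, and the password never crosses the Portal-to-AC link in clear text.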
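A review aid for the pre-authentication filter rules in the configurations above, added here and not taken from the slides or the vendor: it parses the `rule ... permit ...` lines and reports how wide each permitted destination is, which makes the difference between `rule dns` (any destination, port 53) and `dns1` (one resolver) visible. The field layout `rule NAME permit PROTO SRC MASK [SPORT] DST MASK [DPORT]` is inferred from the lines on this page and is an assumption.

```python
import ipaddress

# Rule lines as they appear in the configurations on this page.
RULES = """\
rule dns permit udp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 53
rule rule-dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
rule portalserver permit ip 0.0.0.0 0.0.0.0 10.1.1.1 255.255.255.255
rule radiusserver permit ip 0.0.0.0 0.0.0.0 172.16.0.3 255.255.255.255
rule dns1 permit ip 0.0.0.0 0.0.0.0 211.136.17.108 255.255.255.255
"""


def parse_rule(line):
    """Assumed layout: rule NAME permit PROTO SRC MASK [SPORT] DST MASK [DPORT]."""
    tok = line.split()
    if len(tok) < 8 or tok[0] != "rule" or tok[2] != "permit":
        return None
    addrs = [t for t in tok[4:] if "." in t]          # dotted tokens: addresses and masks
    ports = [int(t) for t in tok[4:] if t.isdigit()]  # bare integers: ports
    if len(addrs) != 4:
        return None
    return {
        "name": tok[1],
        "proto": tok[3],
        "dst": ipaddress.ip_network(f"{addrs[2]}/{addrs[3]}", strict=False),
        "dst_port": ports[-1] if ports else None,
    }


def audit(text):
    """Return (rule name, description of what unauthenticated clients may reach)."""
    report = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        if rule["dst"].prefixlen == 0:
            scope = "ANY destination"
        elif rule["dst"].prefixlen == 32:
            scope = f"host {rule['dst'].network_address}"
        else:
            scope = f"network {rule['dst']}"
        port = f"port {rule['dst_port']}" if rule["dst_port"] is not None else "all ports"
        report.append((rule["name"], f"{rule['proto']} to {scope}, {port}"))
    return report


if __name__ == "__main__":
    for name, description in audit(RULES):
        print(f"{name:14} {description}")
```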