radius scheme cbqt_wifi_rs server-type extended
primary authentication 192.168.1.250 primary accounting 192.168.1.250
key authentication cipher $c$3$Jb32HhDG0KQEFUJK/ie49Sc5ARR1gBavK0rY+MOwlhSU= key accounting cipher $c$3$nG1DwgslbalnXYZul3aAOdVU8ro2+/cWK4Oi6adZw/Rv5ZM= user-name-format without-domain #
domain cbqt_wifi_dm
authentication portal radius-scheme cbqt_wifi_rs authorization portal radius-scheme cbqt_wifi_rs accounting portal radius-scheme cbqt_wifi_rs access-limit disable state active idle-cut disable
self-service-url disable
H3C-MSR对接配置
[BEGIN] 2015/8/12 13:13:39
version 5.20, Release 2311 #
sysname H3C-MSR #
ftp server enable #
l2tp enable #
firewall enable #
nat address-group 1 nat aging-time udp 180 #
domain default enable system #
dar p2p signature-file flash:/p2p_default.mtd #
lldp enable
#
qos carl 1 destination-ip-address range 192.169.0.31 to 192.169.0.254 per-address share d-bandwidth
qos carl 10 source-ip-address range 192.169.0.31 to 192.169.0.254 per-address shared-ba ndwidth #
portal server portal ip 192.169.0.20 key cipher $c$3$tmKimwpWYurgJSFeXElUKoFApV9rMZ6xfw == url http://192.169.0.20:8080
portal free-rule 0 source ip any destination ip 218.201.4.3 mask 255.255.255.255 portal free-rule 1 source ip any destination ip 192.169.0.20 mask 255.255.255.255 portal server portal server-detect method http action permit-all interval 60 retry 5 #
ip http port 9000 #
blacklist enable #
acl number 3000
rule 0 permit ip source 192.169.0.0 0.0.15.255 rule 1 permit ip source 192.169.101.0 0.0.0.255 rule 100 deny ip
acl number 3002 name LAN-Defend rule 0 deny tcp destination-port eq 135 rule 1 deny udp destination-port eq 135 rule 2 deny tcp destination-port eq 139
rule 3 deny udp destination-port eq netbios-dgm rule 4 deny udp destination-port eq netbios-ns rule 5 deny udp destination-port eq netbios-ssn rule 6 deny tcp destination-port eq 137 rule 7 deny tcp destination-port eq 138 rule 8 deny udp destination-port eq 136 rule 200 permit icmp
rule 300 permit ip source 192.169.0.0 0.0.15.255 rule 301 permit ip source 192.169.101.0 0.0.0.255 rule 302 permit ip source 192.169.99.0 0.0.0.7 rule 303 permit udp destination-port eq bootps rule 400 deny ip
acl number 3003 name WAN-Defend rule 0 deny tcp destination-port eq 135 rule 1 deny udp destination-port eq 135
rule 2 deny udp destination-port eq netbios-dgm rule 3 deny udp destination-port eq netbios-ns rule 4 deny udp destination-port eq netbios-ssn rule 5 deny tcp destination-port eq 139 rule 6 deny tcp destination-port eq 137
rule 7 deny tcp destination-port eq 138 rule 8 deny udp destination-port eq 136
rule 300 permit udp source-port eq dns
rule 400 permit ip destination 192.169.0.0 0.0.15.255 rule 401 permit ip destination 192.169.101.0 0.0.0.255 rule 402 permit ip destination 192.169.99.0 0.0.0.7 rule 403 permit tcp destination-port eq 22 rule 404 permit tcp destination-port eq www rule 405 permit tcp destination-port eq 443 rule 406 permit udp destination-port eq 1701 rule 407 deny ip acl number 3100
description inside access domain-server
rule 10 deny ip source 192.169.10.0 0.0.0.255 rule 11 deny ip source 192.169.11.0 0.0.0.255 rule 12 deny ip source 192.169.12.0 0.0.0.255 rule 13 deny ip source 192.169.13.0 0.0.0.255 rule 14 deny ip source 192.169.14.0 0.0.0.255 rule 15 deny ip source 192.169.15.0 0.0.0.255
rule 100 permit ip source 192.169.0.0 0.0.15.255 destination 192.169.0.20 0 rule 1000 deny ip # # vlan 1 #
radius scheme radius
primary authentication 192.169.0.20 1645 key cipher $c$3$pBtH9ea/vw5AfpLwHPg20KlJE1fGRK NHJw== primary accounting 192.169.0.20 1646 key cipher $c$3$iZTSbzm+q0xelQbsrxER90iYAQKV6aORPA ==
timer realtime-accounting 3 #
domain portal
authentication portal radius-scheme radius local authorization portal radius-scheme radius local accounting portal radius-scheme radius local access-limit disable state active idle-cut disable
self-service-url disable domain pppoe
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 3 192.169.101.2 192.169.101.254 domain pppoe-server-10
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 10 192.169.10.2 192.169.10.254 domain pppoe-server-11
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 11 192.169.11.2 192.169.11.254 domain pppoe-server-12
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 12 192.169.12.2 192.169.12.254 domain pppoe-server-13
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius
access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 13 192.169.13.2 192.169.13.254 domain pppoe-server-14
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 14 192.169.14.2 192.169.14.254 domain pppoe-server-15
accounting lan-access radius-scheme radius authentication ppp radius-scheme radius local authorization ppp radius-scheme radius local accounting ppp radius-scheme radius access-limit disable state active
idle-cut enable 10 10240 self-service-url disable
ip pool 15 192.169.15.2 192.169.15.254 domain system
authentication ppp local access-limit disable state active idle-cut disable
self-service-url disable
ip pool 2 192.169.99.2 192.169.99.10 #
pki entity ssl
common-name ssl organization-unit xxzx organization gxgs locality chongqing state chongqing country cn #
pki domain ssl ca identifier ssl
certificate request from ra