由于设备与云简网络的通信是基于解析云简网络域名,因此需要配置DNS服务器,host。
cloud-management server domain oasis.h3c.com
dns server 114.114.114.114
ip host oasisauth.h3c.com 101.36.161.146
ip host oasis.h3c.com 101.36.161.141
查看AC与云简网络的通信状态
display cloud-management state
AC需要配置NTP服务器同步时间,保证AC与云简网络上数据的同步
ntp-service enable
ntp-service unicast-server registry.h3c.com priority
ntp-service unicast-server pool.ntp.org
ntp-service unicast-server time.windows.com
ntp-service unicast-server time.nist.gov
domain cloud
authorization-attribute idle-cut 30 10240
authorization-attribute session-timeout 360
authentication portal none
authorization portal none
accounting portal none
配置web服务连接
portal web-server test
url http://oasisauth.h3c.com/portal/protocol
server-type oauth
优化苹果手机认证
portal web-server test
captive-bypass ios optimize enable
if-match user-agent CaptiveNetworkSupport redirect-url http://oasisauth.h3c.com/generate_404
if-match user-agent Dalvik/2.1.0(Linux;U;Android7.0;HUAWEI redirect-url http://oasisauth.h3c.com/generate_404
if-match original-url http://10.168.168.168 temp-pass
if-match original-url http://captive.apple.com user-agent Mozilla temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol
if-match original-url http://o2o.gtimg.com/wifi/echo temp-pass redirect-url http://oasisauth.h3c.com/generate_404
if-match original-url http://www.apple.com user-agent Mozilla temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol
认证界面是http方式(目前不支持https)
[AC] portal local-web-server http
[AC] portal host-check enable
配置免认证规则
portal client-gateway interface Vlan-interface999 (认证的业务vlan)
portal free-rule 2346257224 destination open.weixin.qq.com
portal free-rule 2346257225 destination ip any tcp 5223
portal free-rule 2346257226 destination ip 114.114.114.114 255.255.255.255
portal free-rule 2346257227 destination ip any udp 53
portal free-rule 2346257228 destination ip any tcp 53
portal free-rule 2346257229 destination oasisauth.h3c.com
portal free-rule 2346257230 destination short.weixin.qq.com
portal free-rule 2346257231 destination mp.weixin.qq.com
portal free-rule 2346257232 destination long.weixin.qq.com
portal free-rule 2346257233 destination dns.weixin.qq.com
portal free-rule 2346257234 destination minorshort.weixin.qq.com
portal free-rule 2346257235 destination extshort.weixin.qq.com
portal free-rule 2346257236 destination szshort.weixin.qq.com
portal free-rule 2346257237 destination szlong.weixin.qq.com
portal free-rule 2346257238 destination szextshort.weixin.qq.com
portal free-rule 2346257239 destination isdspeed.qq.com
portal free-rule 2346257240 destination wx.qlogo.cn
portal free-rule 2346257241 destination long.open.weixin.qq.com
portal free-rule 2346257242 destination res.wx.qq.com
portal free-rule 2346257243 destination wifi.weixin.qq.com
portal safe-redirect enable
portal safe-redirect user-agent Android
portal safe-redirect user-agent CaptiveNetworkSupport
portal safe-redirect user-agent MicroMessenger
portal safe-redirect user-agent Mozilla
portal safe-redirect user-agent WeChat
portal safe-redirect user-agent micromessenger
#配置web服务。
[AC] ip http enable
[AC] ip https enable
然后在AC上的无线模板上应用
配置完后,不行在重启AC
