0
点赞
收藏
分享

微信扫一扫

自学Aruba5.3.3-Aruba安全认证-有PEFNG 许可证环境的认证配置Captive-Portal

四月天2021 2022-08-19 阅读 30
服务器初始化用户组编程语言


自学Aruba5.3.3-Aruba安全认证-有PEFNG 许可证环境的认证配置Captive-Portal

1. Captive-Portal认证配置前言

1.1 新建web认证服务器派生角色

在导入了PEFNG许可证后,系统不会对Web认证的aaa authentication captive-protal自动生成一个对应的role,因此需要为认证前的用户派生一个角色,并设置弹出认证界面。

1.2 新建web认证服务器派生角色

由于Policy“logon-control”中的允许ping的rule,使得web认证的用户接入SSID后,可以ping通其他地址,容易给客户造成误解。因此建议把配置web认证前,把策略“logon-control”中的允许ping关闭。 

1 (Aruba650) (config) #ip access-list session logon-control
2 (Aruba650) (config-sess-logon-control)# no any any "svc-icmp" deny    ## 关闭logon-control角色中ping功能

1 (Aruba650) (config) #user-role yk-web           */ 定义Captive-Portal的角色为yk-web
2 (Aruba650) (config-role) #session-acl logon-control
3 (Aruba650) (config-role) #session-acl captiveportal 
4 (Aruba650) (config-role) #session-acl vpnlogon 
5 (Aruba650) (config-role) #captive-portal web-auth
6 (Aruba650) (config-role) #exit

2.Captive-Portal认证配置命令

2.1 采用InterDB认证服务器完成Captive-Portal认证

1 (Aruba650) (config) #aaa server-group web-server
 2 (Aruba650) (Server Group "web-server") #auth-server Internal
 3 (Aruba650) (Server Group "web-server") #set role condition role value-of
 4 (Aruba650) (Server Group "web-server") #exit
 5 
 6 (Aruba650) (config) #aaa authentication captive-portal web-auth
 7 (Aruba650) (Captive Portal Authentication Profile "web-auth") #server-group web-server
 8 (Aruba650) (Captive Portal Authentication Profile "web-auth") #protocol-http    ##采用http进行认证
 9 (Aruba650) (Captive Portal Authentication Profile "web-auth") #redirect-pause 1 ##认证后自动跳转1s
10 (Aruba650) (Captive Portal Authentication Profile "web-auth") #default-role authenticated  ##定义认证后的默认角色,如果没有服务器派生角色产生,用户将得到该角色
11 (Aruba650) (Captive Portal Authentication Profile "web-auth") #exit
12 
13 (Aruba650) (config) #ip access-list session logon-control
14 (Aruba650) (config-sess-logon-control)# no any any "svc-icmp" deny   ##关闭ping
15 
16 (Aruba650) (config) #user-role yk-web
17 (Aruba650) (config-role) #session-acl logon-control
18 (Aruba650) (config-role) #session-acl captiveportal 
19 (Aruba650) (config-role) #session-acl vpnlogon 
20 (Aruba650) (config-role) #captive-portal web-auth
21 (Aruba650) (config-role) #exit
22 
23 (Aruba650) (config) #aaa profile web-profile
24 (Aruba650) (AAA Profile "web-profile") #initial-role yk-web          ##认证前的初始化派生角色,跳转到Captive-Portal认证页面
25 (Aruba650) (AAA Profile "web-profile") #exit
26 
27 (Aruba650) (config) #wlan ssid-profile web-ssid
28 (Aruba650) (SSID Profile "web-ssid") #essid webyk
29 (Aruba650) (SSID Profile "web-ssid") #exit
30 
31 (Aruba650) (config) #wlan virtual-ap web-vap
32 (Aruba650) (Virtual AP profile "web-vap") #aaa-profile web-profile
33 (Aruba650) (Virtual AP profile "web-vap") #ssid-profile web-ssid
34 (Aruba650) (Virtual AP profile "web-vap") #vlan 1
35 (Aruba650) (Virtual AP profile "web-vap") #exit
36 
37 (Aruba650) (config) #ap-group webyk
38 (Aruba650) (AP group "webyk") #virtual-ap web-vap
39 (Aruba650) (AP group "webyk") #exit

1 (Aruba650) #local-userdb add username test1 password 123456 role web-1     ##建立两两个用户test1 test2 对应派生的角色web-1 web-2
2 (Aruba650) #local-userdb add username test2 password 123456 role web-2

2.2 采用LDAP认证服务器完成Captive-Portal认证

2.2.1 LDAP相关的配置

1 (Aruba650) #configure terminal 
2 (Aruba650) (config) #aaa authentication-server ldap ad
3 (Aruba650) (LDAP Server "ad") #host 172.18.50.30
4 (Aruba650) (LDAP Server "ad") #admin-dn cn=rui,cn=Users,dc=ruitest,dc=com
5 (Aruba650) (LDAP Server "ad") #admin-passwd 123456
6 (Aruba650) (LDAP Server "ad") #allow-cleartext 
7 (Aruba650) (LDAP Server "ad") #base-dn cn=Users,dc=ruitest,dc=com
8 (Aruba650) (LDAP Server "ad") #preferred-conn-type clear-text 
9 (Aruba650) (LDAP Server "ad") #exit

1 (Aruba650) #aaa test-server pap ad carlos 123456  ##测试是否和LDAP服务器建立连接
2

1 (Aruba650) # aaa query-user ad carlos     ##  参看用户carlos,LADP返回的值
 2 
 3 objectClass: top 
 4 objectClass: person 
 5 objectClass: organizationalPerson 
 6 objectClass: user 
 7 cn: carlos
 8 sn: carlos
 9 distinguishedName: CN=carlos,CN=Users,DC=ruitest,DC=com ##返回值的用户组,AC可以根据返回值匹配来定义该用户所属的组
10 instanceType: 4 
11 whenCreated: 20180117082111.0Z 
12 whenChanged: 20180417082815.0Z 
13 displayName: carlos
14 uSNCreated: 368694 
15 memberOf: CN=tech1,CN=Users,DC=ruitest,DC=com 
16 uSNChanged: 368706 
17 name: wang1 
18 objectGUID: n\240\203\277T\345\002K\235\202y\351\372\240<\376 
19 userAccountControl: 66048 
20

2.2.2 无线相关的配置

1 (Aruba650) #configure terminal 
 2 (Aruba650) (config) #aaa server-group web-server
 3 (Aruba650) (Server Group "web-server") #no auth-server Internal
 4 (Aruba650) (Server Group "web-server") #auth-server ad
 5 (Aruba650) (Server Group "web-server") #set role condition memberOf equals CN=tech1,CN=Users,DC=ruitest,DC=com set-value web-1    ##返回组名为test1,匹配到role web-1
 6 (Aruba650) (Server Group "web-server") #set role condition memberOf equals CN=tech2,CN=Users,DC=ruitest,DC=com set-value web-2
 7 (Aruba650) (Server Group "web-server") #exit
 8 
 9 (Aruba650) (config) #aaa authentication captive-portal web-auth
10 (Aruba650) (Captive Portal Authentication Profile "web-auth") # server-group web-server
11 (Aruba650) (Captive Portal Authentication Profile "web-auth") #protocol-http 
12 (Aruba650) (Captive Portal Authentication Profile "web-auth") #redirect-pause 1 
13 (Aruba650) (Captive Portal Authentication Profile "web-auth") #default-role authenticated  ##定义认证后的默认角色,如果没有服务器派生角色产生,用户将得到该角色
14  (Aruba650) (Captive Portal Authentication Profile "web-auth") #exit
15 
16 (Aruba650) (config) #user-role yk-web
17 (Aruba650) (config-role) #session-acl logon-control
18 (Aruba650) (config-role) #session-acl captiveportal 
19 (Aruba650) (config-role) # session-acl vpnlogon 
20 (Aruba650) (config-role) #captive-portal web-auth
21 (Aruba650) (config-role) #exit
22 
23 (Aruba650) (config) #aaa profile web-profile
24 (Aruba650) (AAA Profile "web-profile") #initial-role yk-web  ##认证前的初始化派生角色,跳转到Captive-Portal认证页面
25 (Aruba650) (AAA Profile "web-profile") #exit
26 
27 (Aruba650) (config) #wlan ssid-profile web-ssid
28 (Aruba650) (SSID Profile "web-ssid") #essid web
29 (Aruba650) (SSID Profile "web-ssid") #exit
30 
31 (Aruba650) (config) #wlan virtual-ap web-vap
32 (Aruba650) (Virtual AP profile "web-vap") #aaa-profile web-profile
33 (Aruba650) (Virtual AP profile "web-vap") #ssid-profile web-ssid
34 (Aruba650) (Virtual AP profile "web-vap") #vlan 1
35 (Aruba650) (Virtual AP profile "web-vap") #exit
36 
37 (Aruba650) (config) #ap-group webyk
38 (Aruba650) (AP group "webyk") #virtual-ap web-vap
39 (Aruba650) (AP group "webyk") #exit

2.3 采用Radis认证服务器完成Captive-Portal认证

2.3.1 Radis相关的配置 

1 (Aruba650) #configure terminal 
2 (Aruba650) (config) #aaa authentication-server radius ias 
3 (Aruba650) (RADIUS Server "ias") #host 172.18.50.88
4 (Aruba650) (RADIUS Server "ias") #key 123456
5 (Aruba650) (RADIUS Server "ias") #exit

1 (Aruba650) #aaa test-server mschapv2 ias carlos 123456  ##测试是否和IAS服务器建立连接
2 Authentication Successful                               ##认证成功

   AS的远程访问策略中,需要注意的设置如下:

 

自学Aruba5.3.3-Aruba安全认证-有PEFNG 许可证环境的认证配置Captive-Portal_初始化

2.3.2 无线相关的配置 

1 (Aruba650) #configure terminal 
 2 (Aruba650) (config) #aaa server-group web-server
 3 (Aruba650) (Server Group "web-server") #no auth-server Internal
 4 (Aruba650) (Server Group "web-server") #auth-server ad
 5 (Aruba650) (Server Group "web-server") #set role condition role value-of 
 6 (Aruba650) (Server Group "web-server") #exit
 7 
 8 (Aruba650) (config) #aaa authentication captive-portal web-auth
 9 (Aruba650) (Captive Portal Authentication Profile "web-auth") # server-group web-server
10 (Aruba650) (Captive Portal Authentication Profile "web-auth") #protocol-http 
11 (Aruba650) (Captive Portal Authentication Profile "web-auth") #redirect-pause 1 
12 (Aruba650) (Captive Portal Authentication Profile "web-auth") #default-role authenticated  ##定义认证后的默认角色,如果没有服务器派生角色产生,用户将得到该角色
13 (Aruba650) (Captive Portal Authentication Profile "web-auth") #exit
14 
15 (Aruba650) (config) #user-role yk-web
16 (Aruba650) (config-role) #session-acl logon-control
17 (Aruba650) (config-role) #session-acl captiveportal 
18 (Aruba650) (config-role) # session-acl vpnlogon 
19 (Aruba650) (config-role) #captive-portal web-auth
20 (Aruba650) (config-role) #exit
21 
22 (Aruba650) (config) #aaa profile web-profile
23 (Aruba650) (AAA Profile "web-profile") #initial-role yk-web  ##认证前的初始化派生角色,跳转到Captive-Portal认证页面
24 (Aruba650) (AAA Profile "web-profile") #exit
25 
26 (Aruba650) (config) #wlan ssid-profile web-ssid
27 (Aruba650) (SSID Profile "web-ssid") #essid web
28 (Aruba650) (SSID Profile "web-ssid") #exit
29 
30 (Aruba650) (config) #wlan virtual-ap web-vap
31 (Aruba650) (Virtual AP profile "web-vap") #aaa-profile web-profile
32 (Aruba650) (Virtual AP profile "web-vap") #ssid-profile web-ssid
33 (Aruba650) (Virtual AP profile "web-vap") #vlan 1
34 (Aruba650) (Virtual AP profile "web-vap") #exit
35 
36 (Aruba650) (config) #ap-group webyk
37 (Aruba650) (AP group "webyk") #virtual-ap web-vap
38 (Aruba650) (AP group "webyk") #exit

举报

相关推荐

自学Aruba5.3.2-Aruba安全认证-有PEFNG 许可证环境的认证配置MAC

服务器3c初始化编程语言

自学Aruba5.3.4-Aruba安全认证-有PEFNG 许可证环境的认证配置802.1x

服务器edn安全认证编程语言

自学Aruba7.2-Aruba安全认证-Portal认证(web页面配置)

web页面安全认证编程语言

自学Aruba7.4-Aruba安全认证-MAC认证(web页面配置)

web页面安全认证编程语言

自学Aruba7.3-Aruba安全认证-802.1x认证(web页面配置)

搜索web页面安全认证Java编程语言

自学Aruba7.1-Aruba安全认证-WPA2-PSK认证(web页面配置)

重新启动ip地址web页面编程语言

Aruba学习笔记10-安全认证-Portal认证(web页面配置)

Portal认证路由交换网络/安全

Aruba学习笔记09-安全认证-802.1x认证(web页面配置)

802.1x认证路由交换网络/安全

04 自学Aruba之定制AC的protal认证登陆页面

编程语言

ICP许可证的业务范围有哪些

增值电信业务经营许可证ICP许可证ICP许可证业务范围网络/安全yyds干货盘点
0 条评论