Versions Compared

Old Version 5

changes.mady.by.user Anton Vinokurov

Saved on

compared with

New Version 6

changes.mady.by.user Anton Vinokurov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

На стороне WNAM необходимо создать сервер доступа типа Aruba, указать IP-адрес, соответствующий NAS-IP-Address в RADIUS-пакетах от контроллера. Обратите внимание - контроллер Aruba не поддерживает определение имени абонентского устройства (через разбор DHCP-пакетов), а также экспорт статистики NetFlow.

Для примера также приведен текстовый конфигурационный файл:

ip access-list standard wnam_whitelist
 permit host 89.11.95.19
netdestination wnam_destination
 host 89.11.95.19
ip access-list session wnam_access
 user host 89.11.95.19 svc-http permit
user-role guest-logon
 captive-portal "wnam_captive_portal"
 access-list session ra-guard
 access-list session logon-control
 access-list session captiveportal 
 access-list session v6-logon-control
 access-list session captiveportal6
user-role guest
 access-list session global-sacl
 access-list session apprf-guest-sacl
 access-list session ra-guard
 access-list session http-acl
 access-list session https-acl
 access-list session dhcp-acl
 access-list session icmp-acl
 access-list session dns-acl
 access-list session v6-http-acl
 access-list session v6-https-acl
 access-list session v6-dhcp-acl
 access-list session v6-icmp-acl
 access-list session v6-dns-acl
 access-list session wnam_access
aaa rfc-3576-server "89.11.95.19"
 key XXX
aaa authentication mac "wnam_mac_authprofile"
 delimiter colon
 case upper
aaa authentication-server radius "wnam_radius"
 host "89.11.95.19"
 key XXX
 nas-identifier "Aruba"
 nas-ip 89.11.95.20
 mac-delimiter colon
 called-station-id type macaddr include-ssid enable delimiter colon
aaa server-group "wnam_radius_sg"
 auth-server wnam_radius
aaa profile "wnam_aaa_profile"
 initial-role "guest-logon"
 mac-server-group "wnam_radius_sg"
 radius-accounting "wnam_radius_sg"
 radius-interim-accounting
 rfc-3576-server "89.11.95.19"
aaa authentication captive-portal "wnam_captive_portal"
 server-group "wnam_radius_sg" 
 guest-logon
 no logout-popup-window
 protocol-http
 login-page "http://89.11.95.19/cp/aruba"
 welcome-page "http://89.11.95.19/cp/aruba?welcome"
 no enable-welcome-page
 switchip-in-redirection-url
 user-vlan-in-redirection-url
 ip-addr-in-redirection-url "89.11.95.20"
 white-list "wnam_destination"
 apple-cna-bypass
wlan virtual-ap "guestnet"
 aaa-profile "wnam_aaa_profile"
 ssid-profile "cittel-aruba"
 vlan 162
 band-steering
 broadcast-filter all
 deny-inter-user-traffic
 dos-prevention
 wmm-traffic-management-profile "wnm"
!
ap-group "guestnet"
 virtual-ap "guestnet"