直接portal认证实验总结

免费Portal无线接入认证系统解决方案蓝海卓越基于多年的产品运营经验及对无线网络运营需求的深刻理解，针对中低端用户推出一套免费的“Web Portal无线接入认证系统”，从打造可管理、可运营的无线网络角度出发，致力于为中低端用户建设一个高效可靠、运营成本低的商用无线网络，使无线网络的部署轻松、可靠、高效。

需求分析在众多的公共场所，如：酒店、咖啡厅、学校、车站、商场等人流众多的地方，商家为了留住客户、解决客户在购物消费和等待时的上网问题，往往配置无线接入点提供给广大客户上网使用，而这种传统的输入密码方式不仅给管理带来了极大的不便，同时也具有一定的不安全性。

为了实现方便易用、安全稳定的无线接入认证，需要满足以下需求：1、方便部署、易于维护；使用此种解决方案的客户，无线认证规模都不是很大，大部分意向用户看到网上此类方案繁琐的安装介绍就已经选择止步了。

而我们提供的免费Portal 系统方案，用户可以很方便的进行安装部署，中文管理界面，易于维护。

2、能够在系统中建立上网账户，对用户进行管理；本系统采用Radius认证的方式，支持标准的Radius协议，用户可以自行选择Radius系统或者和现有的Radius系统对接。

免费版Portal系统集成FreeRadius，能够方便的建立用户上网账户，对用户的上网时长、上传下载等进行有效管理。

3、可以设置认证界面，推送相关信息和广告内容；认证页面高度定制，可以随意的设置满足自己需求的认证页面，目前支持JAVA、PHP环境。

方案拓扑方案中所需要的设备主要包括：Portal服务器、胖AP。

Portal服务器：蓝海卓越免费版Portal系统，WINDOWS环境，安装在一台WIN 系统电脑上即可；胖AP：胖AP产品分为室内型吸顶式AP和室外型壁挂式AP，均为蓝海卓越自主开发的AP固件，集成AP、AC及路由等功能，与蓝海卓越免费版Portal系统完美对接。

方案及Portal服务器说明1、部署简单，不影响现有网络环境；Portal服务程序为WIN环境，大大降低的安装的复杂性，只需要安装在现有环境中任意一台电脑中即可；同时只需要购买蓝海卓越一台胖AP产品即可，胖AP支持多种接入方式，完全适应现有的网络环境。

1、PC机，全国portal 167 http://202.109.207.167:8088/省portal 167（河北）http://202.109.207.167:8088/HePortal/services/PortalServices测试认证失败,测试成功[loginV3]:userName:fjtest provinceCode:w.fj loginName:fjtest@w.fjipAddr:202.109.207.210LoginActionV3[LoginApply]:loginName:fjtest@w.fj ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:47:57url=http://202.109.207.167:8088/HePortal/services/PortalServices[LoginApply]:userName:fjtes loginName:fjtest@w.fj ipAddr:202.109.207.210PortalManagerImpl timeStamp=2011-11-16 15:47:57[LoginHandler]:[execute]:loginName:fjtest@w.fj ipAddr:202.109.207.210 loginOperation:2 [LoginHandler]:[execute]:ResultCode:44 ResultInfo:BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:47:57,515 method:{password=123, userName=fjtes,loginName=fjtest@w.fj, ipAddr=202.109.207.210}=>{loginOperation=2};44;BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:47:57,515 method:[LoginApply]:loginName:fjtest@w.fjipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:47:57 resultCode=44 description=BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:47:57,515 method:{password=123, userName=fjtest, pro=null, loginName=fjtest@w.fj, ipAddr=202.109.207.210, provinceCode=w.fj}=>null;44;BAS设备告诉PortalServer此用户认证失败(发生错误)2、手机，全国portal 167 http://202.109.207.167:8088/省portal 167（河北）http://202.109.207.167:8088/HePortal/services/PortalServices测试认证失败,测试成功[INFO ] 2011-11-16 15:45:03,296 method:[loginV3]:userName:fjtest provinceCode:w.fj loginName:fjtest@w.fj ipAddr:202.109.207.219LoginActionV3[INFO ] 2011-11-16 15:45:03,406 method:[LoginApply]:loginName:fjtest@w.fjipAddr:202.109.207.219RemoteClientPortalManager timeStamp=2011-11-16 15:45:03url=http://202.109.207.167:8088/HePortal/services/PortalServices[INFO ] 2011-11-16 15:45:03,609 method:[LoginApply]:userName:fjtes loginName:fjtest@w.fj ipAddr:202.109.207.219PortalManagerImpl timeStamp=2011-11-16 15:45:03[INFO ] 2011-11-16 15:45:03,671 method:[LoginHandler]:[execute]:loginName:fjtest@w.fj ipAddr:202.109.207.219 loginOperation:2[INFO ] 2011-11-16 15:45:03,687 method:[PortalInterfaceFactory]:[factory]:enter into method! [INFO ] 2011-11-16 15:45:03,687 method:[PortalInterfaceFactory]:[factory]:loginOperation:2 [INFO ] 2011-11-16 15:45:03,687 method:[PortalInterfaceFactory]:[factory]:UDPServer2 [INFO ] 2011-11-16 15:45:04,031 method:[LoginHandler]:[execute]:ResultCode:44 ResultInfo:BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:45:04,031 method:{password=qq, userName=fjtes,loginName=fjtest@w.fj, ipAddr=202.109.207.219}=>{loginOperation=2};44;BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:45:04,046 method:[LoginApply]:loginName:fjtest@w.fjipAddr:202.109.207.219RemoteClientPortalManager timeStamp=2011-11-16 15:45:03resultCode=44 description=BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 15:45:04,046 method:{password=qq, userName=fjtest, pro=null, loginName=fjtest@w.fj, ipAddr=202.109.207.219, provinceCode=w.fj}=>null;44;BAS设备告诉PortalServer此用户认证失败(发生错误)3、PC机，全国portal 167 省portal 166（福建）连接成功，下线成功[INFO ] 2011-11-16 15:16:44,187 method:[loginV3]:userName:fztest@fzlan provinceCode:w.fj loginName:fztest@fzlan@w.fj ipAddr:202.109.207.210LoginActionV3[INFO ] 2011-11-16 15:16:44,375 method:[LoginApply]:loginName:fztest@fzlan@w.fj ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:16:44url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 15:16:45,250 method:[LoginApply]:loginName:fztest@fzlan@w.fj ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:16:44 resultCode=0 description=请求成功[INFO ] 2011-11-16 15:16:45,250 method:{password=83330625, userName=fztest@fzlan, pro=fj, loginName=fztest@fzlan@w.fj, ipAddr=202.109.207.210, provinceCode=w.fj}=>null;0;请求成功[INFO ] 2011-11-16 15:18:57,578method:[PhoneLogoutAction]:[execute]:loginName=fztest@fzlan@w.fj[INFO ] 2011-11-16 15:18:57,578method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210[ERROR] 2011-11-16 15:18:57,578method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210&remoteAddr=202.109.207.210 [INFO ] 2011-11-16 15:18:57,734 method:[LogoutApply]:ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:18:57url=http://202.109.207.166:8080/FjPortal/services/PortalServices4、PC机，全国portal 167 省portal 166（福建）ip地址池没找到[INFO ] 2011-11-16 15:02:27,437 method:[loginV3]:userName:fjtest provinceCode:w.fj loginName:fjtest@w.fj ipAddr:202.109.207.210LoginActionV3[INFO ] 2011-11-16 15:02:27,562 method:[LoginApply]:loginName:fjtest@w.fjipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:02:27url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 15:02:28,125 method:[LoginApply]:loginName:fjtest@w.fjipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 15:02:27 resultCode=11001000 description=找不到SDX信息[INFO ] 2011-11-16 15:02:28,125 method:{password=f, userName=fjtest, pro=fj,loginName=fjtest@w.fj, ipAddr=202.109.207.210, provinceCode=w.fj}=>null;11001000;找不到SDX信息5、PC机，全国portal 167 省portal 166（福建）用户认证失败[INFO ] 2011-11-16 14:58:55,343 method:[LoginHandler]:[execute]:ResultCode:44 ResultInfo:BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 14:58:55,343 method:{password=ff, userName=fs, loginName=fse@w.fj, ipAddr=202.109.207.210}=>{loginOperation=2};44;BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 14:58:55,343 method:[LoginApply]:loginName:fse@w.fjipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 14:58:54 resultCode=44 description=BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 14:58:55,343 method:{password=ff, userName=fse, pro=null,loginName=fse@w.fj, ipAddr=202.109.207.210, provinceCode=w.fj}=>null;44;BAS设备告诉PortalServer此用户认证失败(发生错误)6、手机，全国portal 167 省portal 167（河北）测试上线下认证成功[INFO ] 2011-11-16 16:20:01,218 method:[loginV3]:userName:483752463@fzlan provinceCode:w.fj loginName:483752463@fzlan@w.fj ipAddr:202.109.207.210LoginActionV3 [INFO ] 2011-11-16 16:20:01,218method:[DefaultFilter]:[doFilter]:userAgent:Post_Multipart[202.109.207.210][INFO ] 2011-11-16 16:20:01,312 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 16:20:01url=http://202.109.207.167:8088/HePortal/services/PortalServices[INFO ] 2011-11-16 16:20:01,390 method:[LoginApply]:userName:48375246loginName:483752463@fzlan@w.fj ipAddr:202.109.207.210PortalManagerImpltimeStamp=2011-11-16 16:20:01[INFO ] 2011-11-16 16:20:01,406method:[DefaultFilter]:[doFilter]:userAgent:null[202.109.207.210][INFO ] 2011-11-16 16:20:01,453method:[LoginHandler]:[execute]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.210 loginOperation:2[INFO ] 2011-11-16 16:20:01,453 method:[PortalInterfaceFactory]:[factory]:enter into method! [INFO ] 2011-11-16 16:20:01,453 method:[PortalInterfaceFactory]:[factory]:loginOperation:2 [INFO ] 2011-11-16 16:20:01,453 method:[PortalInterfaceFactory]:[factory]:UDPServer2 [INFO ] 2011-11-16 16:20:01,671 method:[LoginHandler]:[execute]:ResultCode:0 ResultInfo:请求成功[INFO ] 2011-11-16 16:20:01,671 method:{password=j99ume, userName=48375246, loginName=483752463@fzlan@w.fj, ipAddr=202.109.207.210}=>{loginOperation=2};0;请求成功[INFO ] 2011-11-16 16:20:01,671 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 16:20:01 resultCode=0 description=请求成功[INFO ] 2011-11-16 16:20:01,671 method:{password=j99ume, userName=483752463@fzlan, pro=null, loginName=483752463@fzlan@w.fj, ipAddr=202.109.207.210,provinceCode=w.fj}=>null;0;请求成功[INFO ] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210[ERROR] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210&remoteAddr=202.109.207.210 [INFO ] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210[ERROR] 2011-11-16 16:20:19,734method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.210&remoteAddr=202.109.207.210 [INFO ] 2011-11-16 16:20:19,828 method:[LogoutApply]:ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 16:20:19url=http://202.109.207.167:8088/HePortal/services/PortalServices[INFO ] 2011-11-16 16:20:19,843 method:[LogoutApply]:ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 16:20:19url=http://202.109.207.167:8088/HePortal/services/PortalServices[INFO ] 2011-11-16 16:20:19,953 method:[PortalManagerImpl]:[LogoutApply]:loginName= [INFO ] 2011-11-16 16:20:19,953method:[PortalManagerImpl]:[LogoutApply]:ipAddr=202.109.207.210[ERROR] 2011-11-16 16:20:19,953method:[PortalManagerImpl]:[LogoutApply]:ipAddr=202.109.207.210&rememberAddr=202.109. 207.210[INFO ] 2011-11-16 16:20:19,968 method:[PortalInterfaceFactory]:[factory]:enter into method! [INFO ] 2011-11-16 16:20:19,968 method:[PortalInterfaceFactory]:[factory]:loginOperation:2 [INFO ] 2011-11-16 16:20:19,968 method:[PortalInterfaceFactory]:[factory]:UDPServer2 [INFO ] 2011-11-16 16:20:20,125 method:[LogoutHandler]:[execute]:ResultCode:0 ResultInfo:BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 16:20:20,125 method:[LogoutApply]:ipAddr:202.109.207.210RemoteClientPortalManager timeStamp=2011-11-16 16:20:19 resultCode=0 description=BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 16:20:35,671 method:[DefaultFilter]:[doFilter]:userAgent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)[202.109.207.210]1、PC机，全国portal 167 省portal 166（福建）测试认证失败[INFO ] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214[ERROR] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214&remoteAddr=202.109.207.214 [INFO ] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214[ERROR] 2011-11-16 16:49:23,687method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214&remoteAddr=202.109.207.214 [INFO ] 2011-11-16 16:49:23,781 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:49:23url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 16:49:23,921 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:49:23url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 16:49:34,859 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:49:23 resultCode=0 description=BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 16:49:34,968method:[DefaultFilter]:[doFilter]:userAgent:Post_Multipart[202.109.207.214][INFO ] 2011-11-16 16:50:24,734 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:49:23 resultCode=51 description=PortalServer发给BAS设备没有收到BAS设备发来的对各种请求的响应报文,而定时器时间到(即超时)1、PC机，全国portal 167 省portal 166（福建）测试上线认证成功全国Portal167[INFO ] 2011-11-16 16:55:21,171 method:[loginV3]:userName:483752463@fzlan provinceCode:w.fj loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214LoginActionV3 [INFO ] 2011-11-16 16:55:21,265 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:55:21url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 16:55:22,000 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:55:21 resultCode=0 description=请求成功[INFO ] 2011-11-16 16:55:22,000 method:{password=j99ume, userName=483752463@fzlan, pro=null, loginName=483752463@fzlan@w.fj, ipAddr=202.109.207.214,provinceCode=w.fj}=>null;0;请求成功省Portal166[INFO ] 2011-11-16 16:55:22,675 method:[LoginHandler]:[execute]:ResultCode:0 ResultInfo:请求成功[INFO ] 2011-11-16 16:55:22,675 method:{password=j99ume, userName=48375246, loginName=483752463@fzlan@w.fj, ipAddr=202.109.207.214}=>{loginOperation=2};0;请求成功全国portal 167 省portal 166（福建）测试下线成功全国Portal167[INFO ] 2011-11-16 16:57:25,703method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 16:57:25,703method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214[ERROR] 2011-11-16 16:57:25,703method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214&remoteAddr=202.109.207.214 [INFO ] 2011-11-16 16:57:25,781 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:57:25url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 16:57:26,578 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:57:25resultCode=0 description=BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 16:57:26,593 method:[DefaultFilter]:[doFilter]:userAgent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)[202.109.207.214]1、PC机，全国portal 167 省portal 166（福建）测试上线认证失败[INFO ] 2011-11-16 16:59:22,968 method:[loginV3]:userName:13333 provinceCode:w.fj loginName:13333@w.fj ipAddr:202.109.207.214LoginActionV3[INFO ] 2011-11-16 16:59:23,078 method:[LoginApply]:loginName:13333@w.fjipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:59:22url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 16:59:23,453 method:[LoginApply]:loginName:13333@w.fjipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 16:59:22 resultCode=44 description=BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 16:59:23,453 method:{password=111, userName=13333, pro=null, loginName=13333@w.fj, ipAddr=202.109.207.214, provinceCode=w.fj}=>null;44;BAS设备告诉PortalServer此用户认证失败(发生错误)[INFO ] 2011-11-16 17:02:27,484 method:[loginV3]:userName:483752463@fzlan provinceCode:w.fj loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214LoginActionV3 [INFO ] 2011-11-16 17:02:27,500method:[DefaultFilter]:[doFilter]:userAgent:Post_Multipart[202.109.207.214][INFO ] 2011-11-16 17:02:27,562 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:02:27url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 17:02:28,093 method:[LoginApply]:loginName:483752463@fzlan@w.fj ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:02:27 resultCode=0 description=请求成功[INFO ] 2011-11-16 17:02:28,093 method:{password=j99ume, userName=483752463@fzlan, pro=null, loginName=483752463@fzlan@w.fj, ipAddr=202.109.207.214,provinceCode=w.fj}=>null;0;请求成功[INFO ] 2011-11-16 17:04:17,812method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 17:04:17,812method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214[ERROR] 2011-11-16 17:04:17,812method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214&remoteAddr=202.109.207.214 [INFO ] 2011-11-16 17:04:17,828method:[PhoneLogoutAction]:[execute]:loginName=483752463@fzlan@w.fj[INFO ] 2011-11-16 17:04:17,828method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214[ERROR] 2011-11-16 17:04:17,828method:[PhoneLogoutAction]:[execute]:ipAddr=202.109.207.214&remoteAddr=202.109.207.214[INFO ] 2011-11-16 17:04:17,906 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:04:17url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 17:04:17,906 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:04:17url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 17:04:18,515 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:04:17 resultCode=0 description=BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 17:04:18,640method:[DefaultFilter]:[doFilter]:userAgent:Post_Multipart[202.109.207.214][INFO ] 2011-11-16 17:04:21,171 method:[LogoutApply]:ipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:04:17 resultCode=0 description=BAS设备告诉PortalServer此用户下线成功[INFO ] 2011-11-16 17:05:10,828 method:[loginV3]:userName:1234577 provinceCode:w.fj loginName:1234577@w.fj ipAddr:202.109.207.214LoginActionV3[INFO ] 2011-11-16 17:05:10,828method:[DefaultFilter]:[doFilter]:userAgent:Post_Multipart[202.109.207.214][INFO ] 2011-11-16 17:05:10,953 method:[LoginApply]:loginName:1234577@w.fjipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:05:10url=http://202.109.207.166:8080/FjPortal/services/PortalServices[INFO ] 2011-11-16 17:05:11,234 method:[LoginApply]:loginName:1234577@w.fjipAddr:202.109.207.214RemoteClientPortalManager timeStamp=2011-11-16 17:05:10 resultCode=44 description=BAS设备告诉PortalServer此用户认证失败(发生错误) [INFO ] 2011-11-16 17:05:11,234 method:{password=1234566, userName=1234577, pro=null, loginName=1234577@w.fj, ipAddr=202.109.207.214, provinceCode=w.fj}=>null;44;BAS设备告诉PortalServer此用户认证失败(发生错误)。

Portal技术概述引言Portal现在已经成为企业最关注的领域之一，是实现企业整合的第一步。

其重要价值在于它是企业现有投资与新投资的集成节点，使用户能够与人、内容、应用和流程进行个性化的、安全的、单点式的互动交流。

对企业来说，建立Portal的意义在于可以使员工共享各种系统和信息资源，并对其进行统一的管理。

对员工来说，通过Portal 可以了解和掌握有关企业的各种信息、参加讨论、协同工作等。

Portal 自动将分散于企业各处的信息资源整理并发送给员工，真正实现信息找人的目的。

企业信息化的主要内容涵盖了产品的信息化、产品设计制造的信息化、生产组织信息化和管理与决策信息化等多个方面。

针对不同的信息化工作，企业门户的建立也各有差异。

企业信息化工作从最初的办公自动化（OA）、企业局域网（LAN）、企业广域网（W AN）、管理信息系统（MIS）、企业内部网和Web网站的建设阶段一路发展至今，开始进入电子商务（Ebusiness）时代。

信息门户集中了IT领域的诸多概念，如商务智能（BI，business intelligence）和文档管理（DM，document management）等，是信息化工作的融合和发展。

1.1什么是Portal？Portal 是能提供以下功能的,基于Web技术的,针对具体用户或社区的应用平台:1.用户可通过统一平台享受不同服务和操作不同应用2.协同工作与社区服务3.把整合好的内容个性化地传给终端用户信息分类协作应用集成个性化1.1.1为什么需要Portal?随着中国入世和知识经济的到来，经济全球化与市场需求的多样化、个性化对企业提出了更高的要求。

如何对市场环境的急剧变化和顾客需求的瞬息万变做出灵活、快捷的响应，及时地把握顾客的需求，有效地组织生产和提供令顾客满意的产品和服务成为企业生存与发展的基本前提。

传统的信息系统让用户头痛的是：–有太多的没有集成在一起的系统需要访问–常常为了一个结果，就需要访问多个系统–为了得到结果，要花很长的时间–由于信息的分散，常常错过一些重要的信息–有太多的用户名和口令需要牢记–很难管理多个系统的用户等等Portal为企业提供了一个单一的访问企业各种信息资源的入口，将企业的应用、人员、信息与流程有机地结合起来，为信息化工作的开展提供了可行的思路和解决方案。

ARUBA AC实验（PSK、PORTAL、MAC和802.1X认证）2020-4-27作者：J|NQQ:342774473Aruba AC实验（PSK、PORTAL、MAC和802.1X认证）一、实验拓扑图二、无线控制器初始化配置三、 电脑设置手动IP 与无线控制器互联。

四、增加VLAN、无线控制器管理IP(192.168.53.107)和IPSET认证允许。

五、添加192.168.53.250默认路由。

六、添加VLAN默认网关七、添加DHCP服务器和网段八、新建无线组（HM和ZP）九、新建Guest无线配置文件(PSK+PORTAL认证VLAN10)9.1新建Guest角色配置9.2新建Guest AAA配置9.3新建Gues VAP配置9.4在VAP配置增加Guest 无线SSID9.5关联Guest VAP 无线VLAN9.6添加vlan nat 访问外网9.8添加Potal认证关联9.9建立内部用户测试Portal认证。

9.10设置Portal认证跳转页面和自动跳转时间十、新建Staff无线配置文件(802.1X认证VLAN20)10.1新建Staff角色配置10.2添加Radius服务器和Radius组10.3添加L2 802.1X配置文件10.4添加Staff AAA配置10.5添加VLAN NAT10.6新建Staff VAP 文件10.7新建Staff VAP 的SSID文件10.8关联Staff无线VLAN十一、新建VIP无线配置文件(MAC+PORTAL认证VLAN30)11.1新建VIP角色配置11.2新建VIP AAA配置11.3新建VIP VAP配置11.4新建VIP SSID配置11.5新建VLAN NAT11.6绑定电脑MAC地址11.6新建和绑定VIP角色PORTAL文件十二、新建Fasion无线配置文件(802.1X认证VLAN40)12.1新建Fasion角色文件12.2新建Fashion AAA配置12.3新建Fash VAP配置12.4新建Fashion SSID 配置12.5关联Fasion VLAN12.6添加Fasion VLAN NAT。

目录一、实验拓扑 (2)二、实验需求 (2)三、实验步骤 (2)3.1．中间设备的配置 (2)3.2．IMC侧的配置 (4)四、实验测试 (15)一、实验拓扑二、实验需求如上图所示，用户通过DHCP自动获取地址，在中间设备和IMC服务器上做portal相关的配置，然后使得用户只有通过portal验证才可以正常访问相应的资源。

三、实验步骤3.1．中间设备的配置首先配置DHCP的：dhcp enabledhcp server ip-pool zrcgateway-list 192.168.1.1network 192.168.1.0 mask 255.255.255.0配置和IMC直连接口地址：interface Vlan-interface1ip address 10.88.142.221 255.255.254.0配置和用户侧直连的接口配置（地址以及portal相关配置）：interface Vlan-interface2ip address 192.168.1.1 255.255.255.0portal enable method directportal domain zrcportal bas-ip 192.168.1.1portal apply web-server zrc将端口加入对应vlan：interface GigabitEthernet1/0/9port access vlan 2配置radius：radius session-control enableradius scheme zrcprimary authentication 10.88.142.171primary accounting 10.88.142.171key authentication cipher $c$3$g5++h5a3butLOgV9BBRAmQ9jrMWTLQ== key accounting cipher $c$3$mT2KHXDYm8uFW/tC5ShdhfQZIFCl+w== user-name-format without-domain配置验证域，调用radius方案：domainzrcauthentication portal radius-scheme zrcauthorization portal radius-scheme zrcaccounting portal radius-scheme zrc配置portal的web地址：portal web-server zrcurl 10.88.142.171:8080/portal配置portal server：portal server zrcip 10.88.142.171 key cipher $c$3$lhtCedxy1dqpYaqavy8ByOIi/P9ymg==3.2．IMC侧的配置首先配置一个接入设备：用户-----接入策略管理-----接入设备管理------接入设备配置点击增加，增加一台设备：点手工增加这里设置共享密钥为zrc之后确认。

无线直接portal认证1.组网需求●用户通过无线SSID接入，根据业务需求，接入用户通过vlan20、vlan30和vlan40，3个网段接入，AP管理地址使用vlan10网段，所有网关在AC上，并且通过AC上的DHCP 获取地址。

●用户接入时需要启用portal认证。

2.组网图3.配置思路●在WX3024E上配置portal功能●配置IMC服务器4.配置信息●AC配置如下：[H3C_AC-1]disp cu#version 5.20, Release 3507P18#sysname H3C_AC-1#domain default enable h3c#telnet server enable#port-security enable#portal server imc ip 192.168.1.11 key cipher $c$3$JE7u4JeHMC5L06LL4Jl1jaJZB0f86sEz url http://192.168.1.11:8080/portal server-type imc#oap management-ip 192.168.0.101 slot 0#password-recovery enable#vlan 1#vlan 10description to_AP#vlan 20description _User#vlan 30description to_User#vlan 40description to_User#vlan 100description to_IMC#vlan 1000description to_Router#radius scheme imcserver-type extendedprimary authentication 192.168.1.11primary accounting 192.168.1.11key authentication cipher $c$3$q+rBITlcE79qH12EH3xe3Rc8Nj/fcVy1key accounting cipher $c$3$Uiv1821RWnPK4Mi2fIzd29DJ6yKvp38inas-ip 192.168.1.254#domain h3cauthentication portal radius-scheme imcauthorization portal radius-scheme imcaccounting portal radius-scheme imcaccess-limit disablestate activeidle-cut disableself-service-url disabledomain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#dhcp server ip-pool vlan10network 192.168.10.0 mask 255.255.255.0gateway-list 192.168.10.254dns-list 8.8.8.8option 43 hex 80070000 01C0A80A FE#dhcp server ip-pool vlan20network 172.16.20.0 mask 255.255.255.0gateway-list 172.16.20.254dns-list 8.8.8.8#dhcp server ip-pool vlan30network 172.16.30.0 mask 255.255.255.0gateway-list 172.16.30.254dns-list 8.8.8.8#dhcp server ip-pool vlan40network 172.16.40.0 mask 255.255.255.0gateway-list 172.16.40.254dns-list 8.8.8.8#user-group systemgroup-attribute allow-guest#local-user adminpassword cipher $c$3$v9m2UEc3AWP3KbkKm480OAgOcpMkD0pD authorization-attribute level 3service-type telnet#wlan rrmdot11a mandatory-rate 6 12 24dot11a supported-rate 9 18 36 48 54dot11b mandatory-rate 1 2dot11b supported-rate 5.5 11dot11g mandatory-rate 1 2 5.5 11dot11g supported-rate 6 9 12 18 24 36 48 54 #wlan service-template 1 cryptossid H3C-VLAN20bind WLAN-ESS 20cipher-suite ccmpsecurity-ie wpaservice-template enable#wlan service-template 2 cryptossid H3C-VLAN30bind WLAN-ESS 30cipher-suite ccmpsecurity-ie wpaservice-template enable#wlan service-template 3 cryptossid H3C-VLAN40bind WLAN-ESS 40cipher-suite ccmpsecurity-ie wpaservice-template enable#wlan ap-group default_groupap ap1#interface Bridge-Aggregation1port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000 #interface NULL0#interface Vlan-interface1ip address 192.168.0.100 255.255.255.0#interface Vlan-interface10description to_Userip address 192.168.10.254 255.255.255.0#interface Vlan-interface20description to_Userip address 172.16.20.254 255.255.255.0portal server imc method direct#interface Vlan-interface30description to_Userip address 172.16.30.254 255.255.255.0#interface Vlan-interface40description to_User_vlan40ip address 172.16.40.254 255.255.255.0#interface Vlan-interface100description to_IMCip address 192.168.1.254 255.255.255.0#interface Vlan-interface1000description to_Routerip address 10.1.1.2 255.255.255.252#interface GigabitEthernet1/0/1port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000port link-aggregation group 1#interface GigabitEthernet1/0/2port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000port link-aggregation group 1#interface WLAN-ESS20port access vlan 20port-security port-mode pskport-security tx-key-type 11keyport-security preshared-key pass-phrase 12345678 #interface WLAN-ESS30port access vlan 30port-security port-mode pskport-security tx-key-type 11keyport-security preshared-key pass-phrase 12345678#interface WLAN-ESS40port access vlan 40ort-security port-mode pskpport-security tx-key-type 11keyport-security preshared-key pass-phrase 12345678 wlan ap ap1 model WA3620i-AGN id 1serial-id 210235A1BBC146000073radio 1service-template 1service-template 2service-template 3radio enableradio 2channel 6service-template 1service-template 2service-template 3radio enable#ip route-static 0.0.0.0 0.0.0.0 10.1.1.1#wlan ipsmalformed-detect-policy defaultsignature deauth_flood signature-id 1signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8signature cts_flood signature-id 9signature rts_flood signature-id 10signature addba_req_flood signature-id 11 signature-policy defaultcountermeasure-policy defaultattack-detect-policy defaultvirtual-security-domain defaultattack-detect-policy defaultmalformed-detect-policy defaultsignature-policy defaultcountermeasure-policy default#dhcp server forbidden-ip 192.168.10.254 dhcp server forbidden-ip 172.16.20.254 dhcp server forbidden-ip 172.16.30.254 dhcp server forbidden-ip 172.16.40.254 #dhcp enable#user-interface con 0user-interface vty 0 4authentication-mode schemeuser privilege level 3#return交换机配置如下<H3C-SW01>disp cu#version 5.20, Release 3507P18#sysname H3C-SW01#domain default enable system#telnet server enable#oap management-ip 192.168.0.100 slot 1 #password-recovery enable#vlan 1#vlan 10description to_AP#vlan 20description to_User-vlan20#vlan 30description to_User-vlan30#vlan 40description to_User-vlan40#vlan 100description to_IMC#vlan 1000description to_Router#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#user-group system#local-user adminpassword cipher $c$3$078okxl+RPQFofPe76YXbYryBRI3uMKv authorization-attribute level 3service-type telnet#interface Bridge-Aggregation1port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000#interface NULL0#interface Vlan-interface1ip address 192.168.0.101 255.255.255.0#interface GigabitEthernet1/0/1port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 20 30 40port trunk pvid vlan 10poe enable#interface GigabitEthernet1/0/2port access vlan 100poe enable#interface GigabitEthernet1/0/3port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 1000poe enable#interface GigabitEthernet1/0/4 poe enable#interface GigabitEthernet1/0/5 poe enable#interface GigabitEthernet1/0/6 poe enable#interface GigabitEthernet1/0/7 poe enable#interface GigabitEthernet1/0/8 poe enable#interface GigabitEthernet1/0/9 poe enable#interface GigabitEthernet1/0/10 poe enable#interface GigabitEthernet1/0/11 poe enable#interface GigabitEthernet1/0/12 poe enable#interface GigabitEthernet1/0/13 poe enable#interface GigabitEthernet1/0/14 poe enable#interface GigabitEthernet1/0/15 poe enable#interface GigabitEthernet1/0/16 poe enable#interface GigabitEthernet1/0/17 poe enable#interface GigabitEthernet1/0/18poe enable#interface GigabitEthernet1/0/19poe enable#interface GigabitEthernet1/0/20poe enable#interface GigabitEthernet1/0/21poe enable#interface GigabitEthernet1/0/22poe enable#interface GigabitEthernet1/0/23poe enable#interface GigabitEthernet1/0/24poe enable#interface GigabitEthernet1/0/25shutdown#interface GigabitEthernet1/0/26shutdown#interface GigabitEthernet1/0/27shutdown#interface GigabitEthernet1/0/28shutdown#interface GigabitEthernet1/0/29port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000 port link-aggregation group 1#interface GigabitEthernet1/0/30port link-type trunkundo port trunk permit vlan 1port trunk permit vlan 10 20 30 40 100 1000 port link-aggregation group 1#user-interface aux 0user-interface vty 0 4authentication-mode schemeuser-interface vty 5 15#Return5.IMC配置：配置接入设备：在导航栏中选择“用户->接入策略管理->接入设备管理->接入设备配置”，点击<增加>按钮。

浅谈WLAN运营中Portal认证安全性WLAN运营有多种认证方式，但最常用的方式为弹出Portal登录页面。

即：用户搜索到运营商的AP后，连接进去获得IP地址，打开浏览器，输入账号和密码便可登录，如下图展示的是Saiver的热点登录界面：这种方式虽然简单方便，但由于AP的接入没有采用WEP和WPA2等加密方式，空中信道很容易被侦查破解，黑客能够截获空中传输的账号和密码。

因此直接采用该方式安全性较低。

如何提高登录页面的安全性呢？目前大部分WLAN运营商采用以下几种辅助方案：1.Portal服务器与NAS和Radius服务器采用CHAP的认证方式2.HTTPS的登录页面方式3.手机短信获得动态密码的方式下面对这三种方式进行论述与比较。

1．方案1的认证方式最为简单实用，也非常安全。

其中Radius标准提供了两种可选的身份认证方法：口令验证协议PAP（PasswordAuthenticationProtocol，PAP）和质询握手协议（ChallengeHandshake Authentication Protocol，CHAP）。

如果双方协商达成一致，也可以不使用任何身份认证方法。

质询握手协议认证（CHAP）相比口令验证协议认证（PAP）安全性更高，因为CHAP不在线路上发送明文密码，而是发送经过摘要算法加工过的随机序列，也被称为"挑战字符串".处理算法和过程如下图所示。

与此同时，身份认证可以随时进行，包括在双方正常通信过程中。

因此，这种方式下传输的密码具有时效性。

采用PAP的认证方式，密码是明码或者采用可逆算法传输，而且可以通过查看登录页面的源代码查到加密的算法，因此可以很容易地找到破解的算法。

而CHAP采用MD5的加密方式是不可逆的，算法是公开的，也就是说侦听者无法从加密后的结果去反算出密码，在整个认证过程中的只有Radiusserver和用户知道密码，包括BRAS 等接入设备也只是传输MD5加密后的结果，加密采用一个挑战值的方式，每次认证都不一样，加密的结果也是每次不同，即使被黑客获得，也会在下一次认证时失效。