华为Me60 bras web认证 portal认证配置

aaa
http-redirect enable
domain pre-web --------认证前域
authentication-scheme default0
accounting-scheme default0
user-group web
web-server 111.208.61.24
web-server url http://111.208.61.24
acl number 6001 ------举例,配置前域可以访问的地址,不需要配置端口号
rule permit ip source user-group web destination ip-address 111.208.22.73 0
rule permit ip source user-group web destination ip-address 111.208.55.7 0
rule permit ip source user-group web destination ip-address 111.208.61.40 0
rule permit ip source user-group web destination ip-address 111.208.61.4 0
rule permit ip source user-group web destination ip-address 127.0.0.1 0
acl number 6002 ----用户访问其他http资源都强推页面,支持80和8080端口,端口号必须配置,需要确保以下规则的配置顺序。
rule permit tcp source user-group wx destination-port eq www
rule permit tcp source user-group wx destination-port eq 8080
rule permit ip source user-group wx -----当用户访问非http资源(如FTP)时命中这条规则,流动作是http-redirect的情况下会做deny处理

traffic classifier permit
if-match acl 6001

traffic classifier redirect
if-match acl 6002

traffic behavior permit

traffic behavior redirect
http-redirect

traffic policy web
classifier permit behavior permit
classifier redirect behavior redirect

traffic-policy web inbound

最后修改:2016 年 10 月 20 日
一分也是爱
  • 相关文章

    • 无相关文章