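Ruijie switch fails to integrate with Agile Controller~~
This post was last edited by cfplzjc on 2025-7-20 09:50<p>1. Network topology</p>
<p>Ruijie-SW1 is the core switch: agg1 uplinks to Ruijie-RSR, g0/0 connects a side-attached Huawei AR acting as the DHCP server, and g0/3 connects laterally to a Huawei Agile Controller acting as the RADIUS server, for a small portal experiment.</p>
<p>Current status: entering 1.1.1.1 does not redirect to the portal page. The ISP is a home router; Internet access works through two layers of NAT, on Ruijie-RSR and on the home router.</p>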
<p><img src="data/attachment/forum/202507/12/064209wih4kg3grikkrgce.png" alt="图片.png" title="图片.png" /></p>
<p>2. Network configuration</p>
<p>(1)Ruijie-RSR</p>
<pre><code>!
hostname ISP01
!
ip access-list standard 10
 1 permit 192.168.1.0 0.0.0.255
!
interface GigabitEthernet 0/0
 ip address dhcp
 ip nat outside
!
interface AggregatePort 1
 no switchport
 ip address 172.16.1.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet 0/1
 port-group 1
!
interface GigabitEthernet 0/2
 port-group 1
!
ip nat inside source list 10 interface GigabitEthernet 0/0 overload
!
ip route 192.168.1.0 255.255.255.0 172.16.1.2
</code></pre>
<p>(2)Ruijie-SW01</p>
<pre><code>hostname HX-SW01
!
http redirect direct-site 10.1.5.107
http redirect direct-site 10.168.1.254
!
service dhcp
!
radius-server host 10.1.5.107 key pass@800
!
aaa group server radius huawei
 server 10.1.5.107
!
aaa new-model
!
aaa accounting network huawei start-stop group huawei
aaa authentication web-auth huawei group huawei
!
web-auth template huawei v2
 ip 10.1.5.107
 url http://10.1.5.107:8080/portal
 fmt cmcc-normal
 authentication huawei
 accounting huawei
!
web-auth portal key pass@800
!
vlan range 1,10
!
interface GigabitEthernet 0/0
 no switchport
 ip address 172.16.2.2 255.255.255.252
!
interface AggregatePort 1
 no switchport
 ip address 172.16.1.2 255.255.255.252
!
interface GigabitEthernet 0/1
 no switchport
 port-group 1
!
interface GigabitEthernet 0/2
 no switchport
 port-group 1
!
interface GigabitEthernet 0/3
 no switchport
 ip address 10.1.5.254 255.255.255.0
!
interface GigabitEthernet 0/4
 switchport mode trunk
 web-auth enable huawei
!
interface VLAN 10
 ip address 192.168.1.254 255.255.255.0
 ip helper-address 172.16.2.1
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
</code></pre>
<p>(3)DHCP_Server</p>
<pre><code>#
sysname dhcp
#
dhcp enable
#
ip pool user
 gateway-list 192.168.1.254
 network 192.168.1.0 mask 255.255.255.0
 dns-list 10.168.1.254
#
interface GigabitEthernet0/0/0
 ip address 172.16.2.1 255.255.255.252
 dhcp select global
#
ip route-static 192.168.1.0 255.255.255.0 172.16.2.2
</code></pre>
<p>(4)Ruijie-SW2</p>
<pre><code>!
hostname Access-SW02
!
vlan range 1,10
!
interface GigabitEthernet 0/0
 switchport mode trunk
!
interface GigabitEthernet 0/1
 switchport access vlan 10
</code></pre>
<p>(5) RADIUS configuration</p>
<p>=======================Device management</p>
<p><img src="data/attachment/forum/202507/20/094440tj2i72i17jg355cz.png" alt="图片.png" title="图片.png" /></p>
<p><img src="data/attachment/forum/202507/20/094553k5y80ebzl3hfhm53.png" alt="图片.png" title="图片.png" /></p>
<p>=======================Add user</p>
<p><img src="data/attachment/forum/202507/12/065629wcqgngqrqt99r8kn.png" alt="图片.png" title="图片.png" /></p>
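<p>========================Authentication and authorization: omitted, already posted many times in other experiments</p>
<p>3. Experiment results</p>
<p>(1) The RADIUS server and web-server status is normal</p>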
<p><img src="data/attachment/forum/202507/20/094741c27rbfk8x067888e.png" alt="图片.png" title="图片.png" /></p>
<p>(2) Entering the portal authentication address directly also fails to authenticate, and RADIUS has no authentication record</p>
<p><img src="data/attachment/forum/202507/12/065931ego0g4ppp3pqhuhf.png" alt="图片.png" title="图片.png" /></p>
<p><img src="data/attachment/forum/202507/12/070001ifcjdidi8qif0a0b.png" alt="图片.png" title="图片.png" /></p>
<p>(4) Link to the reference case; the only difference is that this one is wired web authentication</p>
<p>https://www.doc88.com/p-90287694901320.html</p>
<p><img alt="lol" class="emoji" src="https://www.emulatedlab.com/static/image/smiley/default/lol.gif" title="lol" /> Boss, could you share the Agile Controller?</p>
<p>I added the SNMP parameters and it still doesn't work. I gave up...</p>
<p><img src="data/attachment/forum/202507/18/195001pz1ce7jec3wbwcu3.png" alt="图片.png" title="图片.png" /></p>
<p>Please release the Agile Controller image so everyone can study it together</p>