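[i=s] This post was last edited by cfplzjc on 2025-7-20 09:50 [/i]
1. Network topology
Ruijie-SW1 is the core switch. agg1 uplinks to Ruijie-RSR, a Huawei AR hangs off g0/0 as the DHCP server, and g0/3 connects sideways to a Huawei Agile Controller acting as the RADIUS server. This is a small portal experiment.
Current progress: entering 1.1.1.1 does not redirect to the portal page. The ISP is a home router; NAT is done twice, on Ruijie-RSR and on the home router, to reach the external network.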

2. Network configuration
(1) Ruijie-RSR
!
hostname ISP01
!
ip access-list standard 10
1 permit 192.168.1.0 0.0.0.255
!
interface GigabitEthernet 0/0
ip address dhcp
ip nat outside
!
interface AggregatePort 1
no switchport
ip address 172.16.1.1 255.255.255.252
ip nat inside
!
interface GigabitEthernet 0/1
port-group 1
!
interface GigabitEthernet 0/2
port-group 1
!
ip nat inside source list 10 interface GigabitEthernet 0/0 overload
!
ip route 192.168.1.0 255.255.255.0 172.16.1.2
(2) Ruijie-SW01
hostname HX-SW01
!
http redirect direct-site 10.1.5.107
http redirect direct-site 10.168.1.254
!
service dhcp
!
radius-server host 10.1.5.107 key pass@800
!
aaa group server radius huawei
server 10.1.5.107
!
aaa new-model
!
aaa accounting network huawei start-stop group huawei
aaa authentication web-auth huawei group huawei
!
web-auth template huawei v2
ip 10.1.5.107
url http://10.1.5.107:8080/portal
fmt cmcc-normal
authentication huawei
accounting huawei
!
web-auth portal key pass@800
!
vlan range 1,10
!
interface GigabitEthernet 0/0
no switchport
ip address 172.16.2.2 255.255.255.252
!
interface AggregatePort 1
no switchport
ip address 172.16.1.2 255.255.255.252
!
interface GigabitEthernet 0/1
no switchport
port-group 1
!
interface GigabitEthernet 0/2
no switchport
port-group 1
!
interface GigabitEthernet 0/3
no switchport
ip address 10.1.5.254 255.255.255.0
!
interface GigabitEthernet 0/4
switchport mode trunk
web-auth enable huawei
!
interface VLAN 10
ip address 192.168.1.254 255.255.255.0
ip helper-address 172.16.2.1
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
(3) DHCP_Server
#
sysname dhcp
#
dhcp enable
#
ip pool user
gateway-list 192.168.1.254
network 192.168.1.0 mask 255.255.255.0
dns-list 10.168.1.254
#
interface GigabitEthernet0/0/0
ip address 172.16.2.1 255.255.255.252
dhcp select global
#
ip route-static 192.168.1.0 255.255.255.0 172.16.2.2
(4) Ruijie-SW2
!
hostname Access-SW02
!
vlan range 1,10
!
interface GigabitEthernet 0/0
switchport mode trunk
!
interface GigabitEthernet 0/1
switchport access vlan 10
(5) RADIUS configuration
======================= Device management


======================= Add users

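======================== Authentication and authorization: omitted, already posted many times in other experiments
3. Experiment results
(1) The RADIUS server and web server status is normal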

(2) Entering the portal authentication address directly also fails to authenticate, and RADIUS has no authentication record


(4) Reference case link; the only difference is that this one is wired web authentication
https://www.doc88.com/p-90287694901320.html