74
Set the shared keys for secure communication between the NAS and the RADIUS server to abc.
Figure 33 Network diagram
Configuration procedure
# Configure an IP address for each interface as shown in Figure 33. (Details not shown)
1. Configure the NAS
# Enable the Telnet server on Switch A.
<SwitchA> system-view
[SwitchA] telnet server enable
# Configure Switch A to use AAA for Telnet users.
[SwitchA] user-interface vty 0 4
[SwitchA-ui-vty0-4] authentication-mode scheme
[SwitchA-ui-vty0-4] quit
# Create RADIUS scheme rad.
[SwitchA] radius scheme rad
# Specify the IP address for the primary authentication server as 10.1.1.2, the port for authentication as
1645, and the shared key for secure authentication communication as abc.
[SwitchA-radius-rad] primary authentication 10.1.1.2 1645 key abc
# Configure the scheme to remove the domain name from a username before sending the username to
the RADIUS server.
[SwitchA-radius-rad] user-name-format without-domain
# Set the source IP address for RADIUS packets as 10.1.1.1.
[SwitchA-radius-rad] nas-ip 10.1.1.1
[SwitchA-radius-rad] quit
# Create ISP domain bbb.
[SwitchA] domain bbb
# Specify the authentication method for Telnet users as rad.
[SwitchA-isp-bbb] authentication login radius-scheme rad
# Specify the authorization method for Telnet users as rad.
[SwitchA-isp-bbb] authorization login radius-scheme rad
# Specify the accounting method for Telnet users as none.
[SwitchA-isp-bbb] accounting login none
# Configure the RADIUS server type as standard. When a switch is configured to serve as a RADIUS
server, the server type must be set to standard.
[SwitchA-isp-bbb] server-type standard
[SwitchA-isp-bbb] quit
# Configure bbb as the default ISP domain. Then, if a user enters a username without any ISP domain at
login, the authentication and accounting methods of the default domain will be used for the user.
[SwitchA] domain default enable bbb
To Next Page
Loading...
Need help?
General