409
Table 18 Interface and IP address assignment
Device Interface IP address Device Interface IP address
Hub 1 GE2/0/1 10.0.0.2/24 Spoke 1 GE2/0/1 10.0.0.2/24
Tunnel1 192.168.0.1/24 GE2/0/2 192.168.1.1/24
Hub 2 GE2/0/1 10.0.0.3/24 Tunnel1 192.168.0.3/24
Tunnel1 192.168.0.2/24 Spoke 2 GE2/0/1 10.0.0.2/24
NAT1 GE2/0/1 1.0.0.1/24 GE2/0/2 192.168.2.1/24
GE2/0/2 10.0.0.1/24 Tunnel1 192.168.0.4/24
NAT2 GE2/0/1 1.0.0.2/24 NAT4 GE2/0/1 1.0.0.4/24
GE2/0/2 10.0.0.1/24 GE2/0/2 10.0.0.1/24
NAT3 GE2/0/1 1.0.0.3/24 AAA server 10.0.0.2/24
GE2/0/2 10.0.0.1/24 Primary server GE2/0/1 10.0.0.3/24
Secondary
server
GE2/0/1 10.0.0.4/24
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
# Configure RADIUS scheme abc.
<PrimaryServer> system-view
[PrimaryServer] radius scheme abc
[PrimaryServer-radius-abc] primary authentication 1.0.0.10 1812
[PrimaryServer-radius-abc] primary accounting 1.0.0.10 1813
[PrimaryServer-radius-abc] key authentication simple 123
[PrimaryServer-radius-abc] key accounting simple 123
[PrimaryServer-radius-abc] user-name-format without-domain
[PrimaryServer-radius-abc] quit
[PrimaryServer] radius session-control enable
# Configure AAA methods for ISP domain abc.
[PrimaryServer] domain abc
[PrimaryServer-isp-abc] authentication advpn radius-scheme abc
[PrimaryServer-isp-abc] accounting advpn radius-scheme abc
[PrimaryServer-isp-abc] quit
[PrimaryServer] domain default enable abc
3. Configure the VAM server:
# Create ADVPN domain abc.
[PrimaryServer] vam server advpn-domain abc id 1
# Create hub group 0.
[PrimaryServer-vam-server-domain-abc] hub-group 0
# Configure hubs in hub group 0:
{ Hub1—The private address is 192.168.0.1, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4001 (after NAT).
{ Hub2—The private address is 192.168.0.2, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4002 (after NAT).
To Next Page
Loading...
Need help?
General
