409
Table 18 Interface and IP address assignment
Device Interface IP address Device Interface IP address
Hub 1 GE2/0/1 10.0.0.2/24 Spoke 1 GE2/0/1 10.0.0.2/24
Tunnel1 192.168.0.1/24 GE2/0/2 192.168.1.1/24
Hub 2 GE2/0/1 10.0.0.3/24 Tunnel1 192.168.0.3/24
Tunnel1 192.168.0.2/24 Spoke 2 GE2/0/1 10.0.0.2/24
NAT1 GE2/0/1 1.0.0.1/24 GE2/0/2 192.168.2.1/24
GE2/0/2 10.0.0.1/24 Tunnel1 192.168.0.4/24
NAT2 GE2/0/1 1.0.0.2/24 NAT4 GE2/0/1 1.0.0.4/24
GE2/0/2 10.0.0.1/24 GE2/0/2 10.0.0.1/24
NAT3 GE2/0/1 1.0.0.3/24 AAA server 10.0.0.2/24
GE2/0/2 10.0.0.1/24 Primary server GE2/0/1 10.0.0.3/24
Secondary
server
GE2/0/1 10.0.0.4/24
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
# Configure RADIUS scheme abc.
<PrimaryServer> system-view
[PrimaryServer] radius scheme abc
[PrimaryServer-radius-abc] primary authentication 1.0.0.10 1812
[PrimaryServer-radius-abc] primary accounting 1.0.0.10 1813
[PrimaryServer-radius-abc] key authentication simple 123
[PrimaryServer-radius-abc] key accounting simple 123
[PrimaryServer-radius-abc] user-name-format without-domain
[PrimaryServer-radius-abc] quit
[PrimaryServer] radius session-control enable
# Configure AAA methods for ISP domain abc.
[PrimaryServer] domain abc
[PrimaryServer-isp-abc] authentication advpn radius-scheme abc
[PrimaryServer-isp-abc] accounting advpn radius-scheme abc
[PrimaryServer-isp-abc] quit
[PrimaryServer] domain default enable abc
3. Configure the VAM server:
# Create ADVPN domain abc.
[PrimaryServer] vam server advpn-domain abc id 1
# Create hub group 0.
[PrimaryServer-vam-server-domain-abc] hub-group 0
# Configure hubs in hub group 0:
{ Hub1—The private address is 192.168.0.1, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4001 (after NAT).
{ Hub2—The private address is 192.168.0.2, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4002 (after NAT).