• The PPPoE server uses shared key expert for secure RADIUS communication, and sends usernames with domain names to the RADIUS server.
• NAT444 cooperates with BRAS, and assigns a public IP address and a port block after the host passes authentication and obtains a private IP address.
Figure 77 Network diagram
Configuration procedure
1. Configure the RADIUS server (details not shown):
# Set the shared key for secure communication to expert.
# Add a user account and password for the PPP users connected to the router.
2. Configure the router:
# Create RADIUS scheme rad.
<Router> system-view
[Router] radius scheme rad
# Specify the IP address and service port of the primary authentication server as 10.0.0.1 and 1812.
[Router-radius-rad] primary authentication 10.0.0.1 1812
# Set the shared key to plaintext expert for secure communication.
[Router-radius-rad] key authentication simple expert
# Include domain names in the usernames sent to the RADIUS server.
[Router-radius-rad] user-name-format with-domain
[Router-radius-rad] quit
# Create ISP domain cgn.
[Router] domain cgn
# Specify RADIUS scheme rad for PPP user authentication, authorization, and accounting.
[Router-isp-cgn] authentication ppp radius-scheme rad
[Router-isp-cgn] authorization ppp radius-scheme rad
[Router-isp-cgn] accounting ppp radius-scheme rad
# Specify the user address type as private IPv4 address.
[Router-isp-cgn] user-address-type private-ipv4
[Router-isp-cgn] quit
# Create a PPP address pool and add IP addresses 10.210.0.2 to 10.210.0.255 to the pool.
[Router] ip pool 1 10.210.0.2 10.210.0.255
# Configure interface Virtual-Template 1 to use CHAP for authentication and use PPP address pool 1 for IP address assignment.
[Router] interface virtual-template 1
[Router-Virtual-Template1] ppp authentication-mode chap domain cgn
[Router-Virtual-Template1] remote address pool 1
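Added example, not part of the original guide or of the vendor's software: a Python sketch of what the shared key and the CHAP setting above protect, using the standard RADIUS and CHAP computations (RFC 2865, RFC 1994). The user password, packet identifier, challenge bytes and function names are constructed for illustration; only the key expert comes from this procedure.

```python
import hashlib, hmac, struct

SECRET = b"expert"      # shared key configured on the router and the RADIUS server
ACCESS_ACCEPT = 2       # RADIUS packet code (RFC 2865)

def chap_response(chap_id, password, challenge):
    # RFC 1994: response = MD5(CHAP ID || password || challenge)
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def server_check_chap(chap_password, challenge, stored_password):
    # CHAP-Password attribute value = 1-byte CHAP ID + 16-byte response
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored_password, challenge)
    return hmac.compare_digest(chap_password[1:], expected)

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def nas_verify_reply(packet, request_auth, secret):
    # The router accepts a reply only if its authenticator matches the shared key.
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(packet[4:20], expected)

def demo():
    # Constructed sample values, not taken from a real capture.
    password = b"constructed-user-password"
    challenge = bytes(range(16))             # CHAP challenge issued by the router
    request_auth = bytes(range(16, 32))      # Request Authenticator of the request
    chap_password = bytes([1]) + chap_response(1, password, challenge)
    attrs = bytes([6, 6]) + struct.pack("!I", 2)   # Service-Type = Framed
    reply = build_reply(ACCESS_ACCEPT, 7, attrs, request_auth, SECRET)
    tampered = reply[:-1] + b"\x63"          # attribute value changed in transit
    return (server_check_chap(chap_password, challenge, password),
            nas_verify_reply(reply, request_auth, SECRET),
            nas_verify_reply(tampered, request_auth, SECRET),
            nas_verify_reply(reply, request_auth, b"wrong-key"))

if __name__ == "__main__":
    print(demo())
```

The user password never crosses the PPP link under CHAP, and the router rejects a reply that was altered or that was built with a different key.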