74
RADIUS authentication and authorization for Telnet users by
a network device
The following matrix shows the feature and hardware compatibility:
Hardware Feature compatibility
MSR900 No
MSR93X No
MSR20-1X Yes
MSR20 Yes
MSR30 Yes
MSR50 No
MSR1000 Yes
Network requirements
As shown in Figure 32, configure Router B as the RADIUS server to provide user authentication and
authorization on port 1645.
Configure Router A to use the RADIUS server for Telnet user authentication and authorization, and
to remove the domain name in a username sent to the server.
Set the shared keys for secure communication between the NAS and the RADIUS server to abc.
Figure 32 Network diagram
Configuration procedure
1. Configure an IP address for each interface as shown in Figure 32. (Details not shown.)
2. Configure the NAS:
# Enable the Telnet server on Router A.
<RouterA> system-view
[RouterA] telnet server enable
# Configure Router A to use AAA for Telnet users.
[RouterA] user-interface vty 0 4
[RouterA-ui-vty0-4] authentication-mode scheme
[RouterA-ui-vty0-4] quit
# Create RADIUS scheme rad.
[RouterA] radius scheme rad
# Specify the IP address of the primary authentication server as 10.1.1.2, the port for
authentication as 1645, and the shared key for secure authentication communication as abc.
[RouterA-radius-rad] primary authentication 10.1.1.2 1645 key abc
# Remove domain names from the usernames sent to the RADIUS server.
[RouterA-radius-rad] user-name-format without-domain
Telnet user
192.168.1.2
Router A Router B
NAS RADIUS server
Eth1/2
10.1.1.1/24
Eth1/1
10.1.1.2/24
Eth1/1
192.168.1.1/24
To Next Page
Loading...
