75
# Set the source IP address for outgoing RADIUS packets as 10.1.1.1.
[RouterA-radius-rad] nas-ip 10.1.1.1
# Configure the RADIUS server type as standard. When a network device is configured to be a
RADIUS server, the server type must be set to standard.
[RouterA-radius-rad] server-type standard
[RouterA-radius-rad] quit
# Create ISP domain bbb.
[RouterA] domain bbb
# Specify the authentication method for Telnet users as rad.
[RouterA-isp-bbb] authentication login radius-scheme rad
# Specify the authorization method for Telnet users as rad.
[RouterA-isp-bbb] authorization login radius-scheme rad
# Specify the accounting method for Telnet users as none.
[RouterA-isp-bbb] accounting login none
[RouterA-isp-bbb] quit
# Configure bbb as the default ISP domain. Then, if a user enters a username without any ISP
domain at login, the authentication and accounting methods of the default domain will be used
for the user.
[RouterA] domain default enable bbb
3. Configure the RADIUS server:
# Create RADIUS user aaa and enter its view.
<RouterB> system-view
[RouterB] radius-server user aaa
# Configure a plaintext password aabbcc for user aaa.
[RouterB-rdsuser-aaa] password simple aabbcc
[RouterB-rdsuser-aaa] quit
# Specify the IP address of the RADIUS client as 10.1.1.1 and the plaintext shared key as abc
in plain text.
[RouterB] radius-server client-ip 10.1.1.1 key simple abc
Verifying the configuration
After entering username aaa@bbb or aaa and password aabbcc, user aaa can Telnet to Router A.
Use the display connection command to view the connection information on Router A.
<RouterA> display connection
Index=1 ,Username=aaa@bbb
IP=192.168.1.2
IPv6=N/A
Total 1 connection(s) matched.
Troubleshooting AAA
Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.
To Next Page
Loading...
