CHAPTER 93: AAA/RADIUS/HWTACACS CONFIGURATION
■ The RADIUS server is responsible for both authentication and accounting. Its IP address is 10.1.1.1.
■ On the router, set the shared keys for both authentication and accounting packets to expert, and send usernames to the RADIUS server with the domain name included.
■ The RADIUS server runs the CAMS server. On the RADIUS server, set the shared keys for both authentication and accounting packets to expert; set the authentication and accounting port numbers; add the Telnet usernames and login passwords. Note that the usernames added onto the RADIUS server must be in the userid@isp-name format.
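Why the shared key must match on the router and the RADIUS server, shown as an added example (not code from this manual, the router, or CAMS). It follows the authenticator and password-hiding rules of RFC 2865 and RFC 2866; the username `telnetuser@1` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"expert"              # shared key configured on this page
USERNAME = b"telnetuser@1"      # constructed sample in userid@isp-name form

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + bytes(-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse hide_password; a wrong secret yields garbage."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def accounting_request(ident: int, username: bytes, secret: bytes) -> bytes:
    """RFC 2866: authenticator = MD5(header + 16 zero bytes + attrs + secret)."""
    attrs = attr(1, username) + attr(40, struct.pack("!I", 1))  # Acct-Status-Type=Start
    header = struct.pack("!BBH", 4, ident, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the authenticator with the locally configured key."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

def response(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Server reply: authenticator = MD5(header + request authenticator + secret)."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def verify_response(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Router side: accept the reply only if it was built with the same key."""
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)
```

A key that differs on either side, even by letter case, makes both verification functions return False and turns the recovered password into garbage, which is why the key is set to the same value on the router and on the server.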
Network diagram
Figure 517 Configure AAA for Telnet users by a RADIUS server
[Diagram label: Telnet user]
Configuration procedure
# Configure the IP addresses of various interfaces (omitted).
# Enable the Telnet server on the router.
<Router> system-view
[Router] telnet server enable
# Configure the router to use AAA for Telnet users.
<Router> system-view
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme
[Router-ui-vty0-4] quit
# Create ISP domain 1.
[Router] domain 1
# Configure accounting as optional. This is required for a CAMS server, because a CAMS server does not respond to any accounting packets.
[Router-isp-1] accounting optional
[Router-isp-1] quit
# Configure the RADIUS scheme.
[Router] radius scheme rad
[Router-radius-rad] primary authentication 10.1.1.1 1812
[Figure 517 diagram labels: Authentication/Accounting server (10.1.1.1/24), Router, Internet]