Optional) Configuring Ip Addresses For Web Authentication And Radius Authorization Servers - Huawei NetEngine80E Configuration Manual - Reliability
Hide thumbs
Also See for NetEngine80E:
- Configuration manual (1301 pages) ,
- Configuration manual - reliability (761 pages) ,
- Installation manual (169 pages)
Table of Contents
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - Reliability
11.5.6 (Optional) Configuring IP Addresses for Web Authentication
and RADIUS Authorization Servers
The source IP address of the master and backup devices is configured the same as the BAS-IP
address of the web authentication server and the NAS-IP address of the RADIUS authorization
server.
Context
In N:1 RUI scenarios, the mapping between the address pool and BAS-IP address on the web
authentication server must be specified for each pair of master and slave devices. An IP address
pool, however, is shared only between the master and slave devices. Therefore, each pair of
master and slave devices must have a source IP address to communicate with the web
authentication server. The web-auth-server source [ vpn-instance vpn-instance-name ] source-
ip-address command specifies the source IP address of portal packets sent by the router to the
web authentication server as the BAS-IP address used independently by the web authentication
server.
In CoA and DM applications, the RADIUS authorization server sends requests to the router, and
the router responds to the RADIUS authorization server. The RADIUS server then checks the
source IP address of reply packets for security purposes. In N:1 RUI scenarios, the RADIUS
authorization server determines the IP address of the router to which authorization packets are
sent based on the user's bill. This IP address can be a NAS-IP adress or the address that the
router uses to exchange accounting-start packets with the RADIUS server.
To ensure that the RADIUS authorization server sends authorization packets to the exact
router, run the radius-authorization source command to specify a source IP address to each
pair of master and slave devices. You can also run the radius-authorization source same-as
nas-logic-ip command so that the router replies to the RADIUS server with packets that carry
the source IP address the same as the NAS-IP address, or run the radius-authorization
source [ vpn-instance vpn-instance-name ] source-ip-address command to separately specify
a source IP address.
Perform the following steps on each of routers that back up each other:
Procedure
l
Issue 02 (2014-09-30)
Configure the source IP address of portal packets sent by the router to the web authentication
server as the BAS-IP address used independently by the web authentication server.
1.
Run:
system-view
The system view is displayed.
2.
Run:
interface loopback loopBack interface number
A loopback interface is created, and the interface view is displayed.
3.
Run:
ip address
An IP address is configured for the loopback interface.
4.
Run:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11 Multi-node Backup Configuration
1167
Advertisement
Table of Contents
