HPE FlexNetwork HSR6800 Configuration Manual page 413
Comware 7 layer 3, ip services
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (482 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Device
NAT3
Configuring the primary VAM server
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure AAA:
# Configure RADIUS scheme abc.
<PrimaryServer> system-view
[PrimaryServer] radius scheme abc
[PrimaryServer-radius-abc] primary authentication 1.0.0.10 1812
[PrimaryServer-radius-abc] primary accounting 1.0.0.10 1813
[PrimaryServer-radius-abc] key authentication simple 123
[PrimaryServer-radius-abc] key accounting simple 123
[PrimaryServer-radius-abc] user-name-format without-domain
[PrimaryServer-radius-abc] quit
[PrimaryServer] radius session-control enable
# Configure AAA methods for ISP domain abc.
[PrimaryServer] domain abc
[PrimaryServer-isp-abc] authentication advpn radius-scheme abc
[PrimaryServer-isp-abc] accounting advpn radius-scheme abc
[PrimaryServer-isp-abc] quit
[PrimaryServer] domain default enable abc
3.
Configure the VAM server:
# Create ADVPN domain abc.
[PrimaryServer] vam server advpn-domain abc id 1
# Create hub group 0.
[PrimaryServer-vam-server-domain-abc] hub-group 0
# Configure hubs in hub group 0:
Hub1—The private address is 192.168.0.1, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4001 (after NAT).
Hub2—The private address is 192.168.0.2, the public address is 1.0.0.1 (after NAT), and
the source port number of ADVPN packets is 4002 (after NAT).
[PrimaryServer-vam-server-domain-abc-hub-group-0] hub private-address 192.168.0.1
public-address 1.0.0.1 advpn-port 4001
[PrimaryServer-vam-server-domain-abc-hub-group-0] hub private-address 192.168.0.2
public-address 1.0.0.1 advpn-port 4002
# Specify a spoke private IPv4 network.
[PrimaryServer-vam-server-domain-abc-hub-group-0] spoke private-address network
192.168.0.0 255.255.255.0
[PrimaryServer-vam-server-domain-abc-hub-group-0] quit
# Set the pre-shared key to 123456.
[PrimaryServer-vam-server-domain-abc] pre-shared-key simple 123456
# Set the authentication mode to CHAP.
Interface
IP address
GE2/1/2
10.0.0.1/24
GE2/1/1
1.0.0.3/24
GE2/1/2
10.0.0.1/24
Device
AAA server
Primary server
Secondary
server
400
Interface
IP address
GE2/1/2
10.0.0.1/24
10.0.0.2/24
GE2/1/1
10.0.0.3/24
GE2/1/1
10.0.0.4/24
Advertisement
Table of Contents
Troubleshooting
