Table of Contents
Advertisement
Figure 112 Network diagram
Host
2.2.2.2/24
Gateway: 2.2.2.1/24
Configuration prerequisites
•
Configure IP addresses for the host, router, and servers as shown in
they can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
Procedure
Perform the following tasks on the router.
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[Router-radius-rs1] primary authentication 192.168.0.112
[Router-radius-rs1] primary accounting 192.168.0.112
[Router-radius-rs1] key accounting simple radius
[Router-radius-rs1] key authentication simple radius
[Router-radius-rs1] user-name-format without-domain
# Enable RADIUS session control.
[Router] radius session-control enable
# Specify a session-control client with IP address 192.168.0.113 and shared key 12345 in plain
text.
[Router] radius session-control client ip 192.168.0.113 key simple 12345
2.
Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1
# Configure AAA methods for the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the
ISP domain name at login, the authentication and accounting methods of the default domain
are used for the user.
GE1/0/2
GE1/0/1
2.2.2.1/24
192.168.0.100/24
Router
Portal server
192.168.0.111/24
RADIUS server
192.168.0.112/24
Security policy server
192.168.0.113/24
346
Figure 112
and make sure
Advertisement
Table of Contents
Troubleshooting
