Configuring the Remote AAA (RADIUS Protocol) -Part-2

Configuring the Remote AAA (RADIUS Protocol)-Part-2

Step 5 Use the authentication scheme.

You can use an authentication scheme in a domain only after the authentication scheme is created.

In the domain mode, run the authentication-scheme command to use the authentication scheme.

Step 6 Use the accounting scheme.

You can use an accounting scheme in a domain only after the accounting scheme is created.

In the domain mode, run the accounting-scheme command to use the accounting scheme.

Step 7 Use the RADIUS server template.

You can use a RADIUS server template in a domain only after the RADIUS server template is created.

  1. In the domain mode, run the radius-server template command to use the RADIUS server

template.

  1. Run the quit command to return to the AAA mode.

—-End of Part-2—-

Example:

 User1 in the isp domain adopts the HWTACACS protocol for authentication and accounting. The accounting interval is 10 minutes, the authentication password is a123456, HWTACACS server 10.10.66.66 functions as the primary authentication and accounting server, and HWTACACS server 10.10.66.67 functions as the standby authentication and accounting server.

On the HWTACACS server, the authentication port ID is 1812, accounting port ID 1813, and other parameters adopt the default values. To perform the preceding configuration, do as follows:

huawei(config)#aaa

huawei(config-aaa)#authentication-scheme newscheme

huawei(config-aaa-authen-newscheme)#authentication-mode radius

huawei(config-aaa-authen-newscheme)#quit

huawei(config-aaa)#accounting-scheme newscheme

huawei(config-aaa-accounting-newscheme)#accounting-mode radius

huawei(config-aaa-accounting-newscheme)#accounting interim interval 10

huawei(config-aaa-accounting-newscheme)#quit

huawei(config)#radius-server template hwtest

huawei(config-radius-hwtest)#radius-server authentication 10.10.66.66 1812

huawei(config-radius-hwtest)#radius-server authentication 10.10.66.67 1812 secondary

huawei(config-radius-hwtest)#radius-server accounting 10.10.66.66 1813

huawei(config-radius-hwtest)#radius-server accounting 10.10.66.67 1813 secondary

huawei(config-radius-hwtest)#quit

huawei(config)#aaa

huawei(config-aaa)#domain isp

huawei(config-aaa-domain-isp)#authentication-scheme newscheme

huawei(config-aaa-domain-isp)#accounting-scheme newscheme

huawei(config-aaa-domain-isp)#radius-server hwtest

huawei(config-aaa-domain-isp)#quit

 

—End —

Be the first to comment

Leave a Reply

Your email address will not be published.


*


For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.