Professional Documents
Culture Documents
Objectives
Upon completion of this course, you will be able to:
Page 2
Course Contents
AAA & RADIUS Configuration (VRP 1.74) AAA & RADIUS Configuration (VRP 3.40)
Page 3
Relative commands
Method table
Page 4
Relative commands
FTP directory
Page 5
[Quidway] aaa-enable
User access is still available when the configuration is "charging impossible" to realize no charging:
Page 6
Page 7
radius-server retransmit
radius-server timeout
radius-server realtime-acct-timeout
Page 8
Startup AAA
[Quidway] aaa-enable
Configure the RADIUS server IP address and port, and use the default port number:
[Quidway] radius server 129.7.66.68 [Quidway] radius server 129.7.66.66 accouting-port 0 [Quidway] radius server 129.7.66.67 authentication-port 0
Page 9
Configure the RADIUS server key, number of retransmissions, duration of the timeout timer:
[Quidway-Serial0]ppp default
authentication-mode
pap
scheme
Page 10
It can be used for observing the packet transmission and receiving and the contents of the entire RADIUS packet
Page 11
Course Contents
AAA & RADIUS Configuration (VRP 1.74) AAA & RADIUS Configuration (VRP 3.40)
Page 12
Page 13
Page 14
portnum }
cut connection { all | access-type { dot1x | gcm } | domain domain-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }
Page 15
IP addresses of primary and second servers shared key RADIUS server type
primary {authentication | accounting} ip-address [ port-number ] secondary {authentication | accounting} ip-address [ port-number ]
Page 16
state primary { accounting | authentication } { block | active } state secondary{ accounting | authentication } { block | active }
Page 17
display connection [ access-type { dot1x | gcm } | domain domain-name | interface portnum | ip ip-address | mac macaddress | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name ]
Page 18
Page 19
Internet RTA Supplicant HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
Authenticator
Page 20
RADIUS Parameters:
Encryption key for authentication: name Encryption key for accounting: money Retransmit packets (5 seconds/time; no more than 5 times) Real-time accounting : every 15 minutes.
Create the RADIUS group radius1 and enters its configuration mode.
Page 22
Page 23
Specify the authentication modes for this domain (RADIUS and local):
[Quidway] local-user localuser@huawei.com [Quidway-user-localuser@huawei.com] password simple localpass [Quidway-user-localuser@huawei.com] service-type telnet terminal
Page 24
Page 25
Thank You
www.huawei.com