The MA5600 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.
Configure the authentication scheme.
Configure authentication scheme newscheme (users are authenticated through RADIUS).
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
Configure the RADIUS protocol.
Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication.
huawei(config)#radius-server template template1
Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-template1)#quit
Create a domain.
Create domain isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Reference the authentication scheme.
You can reference an authentication scheme in a domain only after the authentication scheme is created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Reference the RADIUS server template.
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit
User1 in isp1 can be authenticated and can log in to the MA5600.
Configuration Script
aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template radtest
radius-server authentication 10.10.66.66 1812
radius-server authentication 10.10.66.67 1812 secondary
quit
aaa
domain isp1
authentication MA5600T -scheme newscheme
radius-server radtest
quit
没有评论:
发表评论