Tuesday, December 17, 2013

Configuring the Remote AAA on Huawei MA5600

The MA5600/MA5603 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.

The authentication scheme specifies how all the users in an ISP domain are authenticated.
The system supports up to 16 authentication schemes. The system has a default accounting scheme named default. It can be modified but cannot be deleted.

Before configuring the IP address and UDP port of the RADIUS server, make sure that the route between the RADIUS server and the MA5600/MA5603 is in the normal state, so that the two can communicate.
Also make sure that the RADIUS service port configured on the MA5600/MA5603 is consistent with the port configured on the RADIUS server.

The RADIUS client (MA5600/MA5603) and the RADIUS server use the MD5 algorithm to encrypt the RADIUS packets. Packet validity is checked with the configured encryption key (the shared key): the two sides can receive and respond to each other's packets only when their keys are the same.
By default, the shared key of the RADIUS server is huawei.

User1 in the isp domain adopts the RADIUS protocol for authentication. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication server. On the RADIUS server, the authentication port ID is 1812, and the other parameters adopt the default values. To perform the preceding configuration, do as follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template hwtest
huawei(config-radius-hwtest)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-hwtest)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-hwtest)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp
huawei(config-aaa-domain-isp)#authentication-scheme newscheme
huawei(config-aaa-domain-isp)#radius-server hwtest
huawei(config-aaa-domain-isp)#quit
