FAQ-How user without domain name could access to AR router?

Publication Date:  2015-06-29 Views:  311 Downloads:  0
Issue Description
FAQ-How user without domain name could access to AR router?
Solution

FAQ-How user without domain name could access to AR router?

A: The common configuration is as following.
radius-server template domain_test
radius-server shared-key cipher %@%@&N=i)rz0;DEvm/AAPN|*KVzI%@%@
radius-server authentication 172.1.1.10 1812 weight 80
radius-server accounting 172.1.1.10 1813 weight 80
undo radius-server user-name domain-included

aaa
authentication-scheme domain_test
  authentication-mode radius 
accounting-scheme domain_test
  accounting-mode radius
  accounting start-fail online
domain default 
domain default_admin 
domain test 
  authentication-scheme domain_test
  accounting-scheme domain_test
  radius-server domain_test
local-user admin password cipher %@%@2"[nGpny~&CK&PFl_ls),~BJ%@%@
local-user admin privilege level 15
local-user admin service-type telnet web http

In order to achieve user with domain name could access AR router. We need to add below command
domain test admin      ///Change the configured domain test to admin domain for administrator user.

Because customer also want to local account on AR router still works. We need to change authentication-scheme.
authentication-scheme domain_test
  authentication-mode local radius     ///Add local authentication for access user.
 
The test result show the configuration works fine.

Local account on AR router

 

 

Radius user:

 

END