No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Typical Configuration Examples

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600

This document provides examples for configuring AR router features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring RADIUS Authentication

Example for Configuring RADIUS Authentication

Applicability

This example applies to all AR models of V200R003C00 and later versions.

Networking Requirements

As shown in Figure 9-1, users belong to the domain huawei. Router functions as the network access server of the destination network. Users can access the destination network through Router only after being authenticated. The remote authentication on Router is described as follows:
  • The RADIUS server will authenticate access users for Router.
  • The RADIUS server at 10.7.66.66/24 functions as the primary authentication. The RADIUS server at 10.7.66.67/24 functions as the secondary authentication. The default authentication port is 1812.
Figure 9-1  Networking diagram of RADIUS authentication

Procedure

  1. Creating an authentication scheme.
    1. As shown in Figure 9-2, choose Security > AAA > AAA Scheme to open the AAA Scheme page.

      Figure 9-2  AAA Scheme

    2. Click Create in the Authentication Scheme area, configured the Authentication Scheme. As show in Figure 9-3.

      Figure 9-3  Create Authentication Scheme

    3. Click OK to complete the configuration.
  2. Create a RADIUS server template and an authentication/accounting server.
    1. As shown in Figure 9-4, choose Security > AAA > RADIUS Setting to open the RADIUS Setting page.

      Figure 9-4  RADIUS Setting

    2. Click Create in the RADIUS Server Template area to configure the RADIUS server template, as shown in Figure 9-5.

      Figure 9-5  Create RADIUS Server Template

    3. Click OK to complete the configuration.
    4. Click Create in the Authentication/Accounting Server area to configure the authentication/accounting server, as shown in Figure 9-6.

      Figure 9-6  Authentication/Accounting Server

    5. Click OK to complete the configuration.
  3. Configure the domain huawei and apply the authentication scheme and RADIUS template to the domain huawei.
    1. As shown in Figure 9-7, choose Security > AAA > Domain Setting to open the Domain Setting page.

      Figure 9-7  Domain Setting

    2. Click Create in the Domain List area to configure the domain information, as shown in Figure 9-8.

      Figure 9-8  Create Domain

    3. Click OK to complete the configuration.
  4. Verify the Configuration.

    # On the AAA Scheme page, information about the authentication scheme radiusauthen is displayed in the Authentication Scheme area, as shown in Figure 9-9.

    Figure 9-9  Authentication Scheme

    # On the RADIUS Setting page, information about the RADIUS template radiustemp is displayed in the RADIUS Server Template area, as shown in Figure 9-10.

    Figure 9-10  RADIUS Server Template

    # On the RADIUS Setting page, information about the authentication/accounting server radiustemp is displayed in the Authentication/Accounting Server area, as shown in Figure 9-11.

    Figure 9-11  Authentication/Accounting Server

    # On the Domain Setting page, information about the domain huawei is displayed in the Domain List area, as shown in Figure 9-12.

    Figure 9-12  Domain Setting

Configuration Notes

  • Perform the configurations in the previously described sequence; otherwise, the customized template will be unavailable when you set a scheme.
  • The router and the RADIUS server must use the same port number.
  • The router and the RADIUS server must use the same shared key.
  • There must be a reachable route between the router and the RADIUS server.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1000079722

Views: 51830

Downloads: 7500

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next