Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring RADIUS Authentication
Networking Requirements
As shown in Figure 10-1, users belong to the domain huawei. Router functions as the network access server of the destination network. Users can access the destination network through Router only after being authenticated. The remote authentication on Router is described as follows:
- The RADIUS server will authenticate access users for Router.
- The RADIUS server at 10.7.66.66/24 functions as the primary authentication. The RADIUS server at 10.7.66.67/24 functions as the secondary authentication. The default authentication port is 1812.
Procedure
- Creating an authentication scheme.
- As shown in Figure 10-2, choose to open the AAA Scheme page.
- Click Create in the Authentication Scheme area, configured the Authentication Scheme. As shown in Figure 10-3.
- Create a RADIUS server template and an authentication/accounting server.
- As shown in Figure 10-4, choose to open the RADIUS Setting page.
- Click Create in the RADIUS Server Template area to configure the RADIUS server template, as shown in Figure 10-5.
- Click Create in the Authentication/Accounting Server area to configure the authentication/accounting server, as shown in Figure 10-6.
- Configure the domain huawei and apply the authentication scheme and RADIUS template to the domain huawei.
- As shown in Figure 10-7, choose to open the Domain Setting page.
- Click Create in the Domain List area to configure the domain information, as shown in Figure 10-8.
- Verify the configuration.
# On the AAA Scheme page, information about the authentication scheme radiusauthen is displayed in the Authentication Scheme area, as shown in Figure 10-9.
# On the RADIUS Setting page, information about the RADIUS template radiustemp is displayed in the RADIUS Server Template area, as shown in Figure 10-10.
# On the RADIUS Setting page, information about the authentication/accounting server radiustemp is displayed in the Authentication/Accounting Server area, as shown in Figure 10-11.
# On the Domain Setting page, information about the domain huawei is displayed in the Domain List area, as shown in Figure 10-12.
Configuration Notes
- Perform the configurations in the previously described sequence; otherwise, the customized template will be unavailable when you set a scheme.
- The router and the RADIUS server must use the same port number.
- The router and the RADIUS server must use the same shared key.
- There must be a reachable route between the router and the RADIUS server.