No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring IP Addresses for Web Authentication and RADIUS Authorization Servers

(Optional) Configuring IP Addresses for Web Authentication and RADIUS Authorization Servers

The source IP address of the master and backup devices is the same as the BAS-IP address of the web authentication server and the NAS-IP address of the RADIUS authorization server.

Context

In hot backup scenarios, the mapping between address pools and BAS-IP addresses must be specified on the web authentication server for each pair of master and backup devices. An IP address pool is shared only between the master and backup devices. Therefore, each pair of master and backup devices must have a source IP address to communicate with the web authentication server. The web-auth-server source [ vpn-instance vpn-instance-name ] source-ip-address command specifies the source IP address of portal packets sent by the router to the web authentication server as the BAS-IP address.

In CoA and DM applications, the RADIUS authorization server sends requests to the router, and the router responds to the RADIUS authorization server. The RADIUS server then checks the source IP address of reply packets for security. In N:1 hot backup scenarios, the RADIUS authorization server determines the IP address of the router to which authorization packets are sent based on user's bill information. This IP address can be a NAS-IP address or the address that the router uses to exchange accounting-start packets with the RADIUS server.

To ensure that the RADIUS authorization server sends authorization packets to the exact router, run the radius-authorization source command to specify a source IP address for each pair of master and backup devices. To ensure that the source IP address in the packets sent by the router to the RADIUS server is the same as the NAS-IP address, run the radius-authorization source same-as nas-logic-ip command. Alternatively, run the radius-authorization source [ vpn-instance vpn-instance-name ] source-ip-address command to specify a source IP address.

Perform the following operations on both routers that back up each other:

Procedure

  • Configure the source IP address of portal packets sent by the router to the web authentication server as the BAS-IP address, which is used independently by the web authentication server.

    1. Run system-view

      The system view is displayed.

    2. Run interface loopback loopBack interface number interface-number

      A loopback interface is created, and the interface view is displayed.

    3. Run ip address ip address { mask | mask-length }

      An IP address is configured for the loopback interface.

    4. Run quit

      Exit the interface view.

    5. Run remote-backup-service service-name

      The remote backup service view is displayed.

    6. Run web-auth-server source [ vpn-instance vpn-instance-name ] source-ip-address

      The loopback interface's IP address is configured as the BAS-IP address used independently by the web authentication server.

    7. Run commit

      The configuration is committed.

  • Set the source IP address of the master and backup devices to be the same as the NAS-IP address of the RADIUS authorization server.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run ip address ip address { mask | mask-length }

      An IP address is configured for the interface.

    4. Run quit

      Exit the interface view.

    5. Run remote-backup-service service-name

      The remote backup service view is displayed.

    6. Run radius-authorization source same-as nas-logic-ip or radius-authorization source [ vpn-instance vpn-instance-name ] source-ip-address

      The NAS IP address of the RADIUS authorization server is set to be the same as the source IP address of the master and backup devices.

      NOTE:

      If a NAS-IP address is specified in the RADIUS server template, run the radius-authorization source same-as nas-logic-ip the command; otherwise, run the radius-authorization source [ vpn-instance vpn-instance-name ] source-ip-address command.

    7. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17343

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next