Manualshelf

R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
311312313314315316317318319320
307
Spoke 3 GE3/0
/
1 192.168.1.5
/
24
Tunnel1 10.0.1.4
/
24
GE3/0/2 10.0.5.1/24 Tunnel2 10.0.2.4/24
Tunnel2 10.0.2.3
/
24
Primary
server
GE3/0
/
1 192.168.1.22
/
24
A
AA server 192.168.1.11
/
24
Secondary
server
GE3/0
/
1 192.168.1.33/
/
24
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] server-type extended
[PrimaryServer-radius-radsun] user-name-format without-domain
[PrimaryServer-radius-radsun] quit
# Configure the AAA methods for the ISP domain domain1.
[PrimaryServer] domain domain1
[PrimaryServer-isp-domain1] authentication dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] authorization dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] accounting dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] quit
[PrimaryServer] domain default enable domain1
3. Configure the VAM server:
# Specify the listening address of the server.
[PrimaryServer] vam server ip-address 192.168.1.22
# Create VPN domain 1.
[PrimaryServer] vam server vpn 1
# Set the pre-shared key to 123.
[PrimaryServer-vam-server-vpn-1] pre-shared-key simple 123
# Set the VAM client authentication mode to CHAP.
[PrimaryServer-vam-server-vpn-1] authentication-method chap
# Specify the IP addresses of the hubs for VPN 1.
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.1
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.2
[PrimaryServer-vam-server-vpn-1] quit
# Create VPN domain 2.
[PrimaryServer] vam server vpn 2
# Set the pre-shared key to 456.
[PrimaryServer-vam-server-vpn-2] pre-shared-key simple 456
# Set the VAM client authentication mode to PAP.
[PrimaryServer-vam-server-vpn-2] authentication-method pap
# Specify the IP addresses of the hubs for VPN 2.