R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
186
Tunnel1 10.0.1.2/24
Spoke 2
Eth1/1
192.168.1.4/24
Primary server Eth1/1 192.168.1.22/24
Eth1/2 10.0.3.1/24
Secondary server Eth1/1 192.168.1.33//2
4
Tunnel1 10.0.1.4/24
A
AA server 192.168.1.11/24
Configuration procedure
Configuring the primary VAM server
1. Configure IP addresses for the interfaces. (Details not shown.)
2. Configure AAA:
<PrimaryServer> system-view
# Configure RADIUS scheme radsun.
[PrimaryServer] radius scheme radsun
[PrimaryServer-radius-radsun] primary authentication 192.168.1.11 1812
[PrimaryServer-radius-radsun] primary accounting 192.168.1.11 1813
[PrimaryServer-radius-radsun] key authentication expert
[PrimaryServer-radius-radsun] key accounting expert
[PrimaryServer-radius-radsun] server-type extended
[PrimaryServer-radius-radsun] user-name-format without-domain
[PrimaryServer-radius-radsun] quit
# Configure the AAA methods for the ISP domain domain1.
[PrimaryServer] domain domain1
[PrimaryServer-isp-domain1] authentication dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] authorization dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] accounting dvpn radius-scheme radsun
[PrimaryServer-isp-domain1] quit
[PrimaryServer] domain default enable domain1
3. Configure the VAM server:
# Specify the listening address of the server.
[PrimaryServer] vam server ip-address 192.168.1.22
# Create VPN domain 1.
[PrimaryServer] vam server vpn 1
# Set the pre-shared key to 123.
[PrimaryServer-vam-server-vpn-1] pre-shared-key simple 123
# Set VAM client authentication mode to CHAP.
[PrimaryServer-vam-server-vpn-1] authentication-method chap
# Specify the IP addresses of the hubs for VPN 1.
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.1
[PrimaryServer-vam-server-vpn-1] hub private-ip 10.0.1.2
# Enable VAM server for all VPNs.
[PrimaryServer] vam server enable all