R2511-HP MSR Router Series Security Configuration Guide(V5)

Figure 30 Network diagram
Configuration procedure
1. Configure an IP address for each interface as shown in Figure 30. (Details not shown.)
2. Configure the NAS:
# Enable the Telnet server on Router A.
<RouterA> system-view
[RouterA] telnet server enable
# Configure Router A to use AAA for Telnet users.
[RouterA] user-interface vty 0 4
[RouterA-ui-vty0-4] authentication-mode scheme
[RouterA-ui-vty0-4] quit
# Create RADIUS scheme rad.
[RouterA] radius scheme rad
# Specify the IP address of the primary authentication server as 10.1.1.2, the port for
authentication as 1645, and the shared key for secure authentication communication as abc.
[RouterA-radius-rad] primary authentication 10.1.1.2 1645 key abc
# Remove domain names from the usernames sent to the RADIUS server.
[RouterA-radius-rad] user-name-format without-domain
# Set the source IP address for outgoing RADIUS packets as 10.1.1.1.
[RouterA-radius-rad] nas-ip 10.1.1.1
# Configure the RADIUS server type as standard. When a network device is configured to be a
RADIUS server, the server type must be set to standard.
[RouterA-radius-rad] server-type standard
[RouterA-radius-rad] quit
# Create ISP domain bbb.
[RouterA] domain bbb
# Specify the authentication method for Telnet users as rad.
[RouterA-isp-bbb] authentication login radius-scheme rad
# Specify the authorization method for Telnet users as rad.
[RouterA-isp-bbb] authorization login radius-scheme rad
# Specify the accounting method for Telnet users as none.
[RouterA-isp-bbb] accounting login none
[RouterA-isp-bbb] quit
# Configure bbb as the default ISP domain. Then, if a user enters a username without any ISP
domain at login, the authentication and accounting methods of the default domain will be used for
the user.
[RouterA] domain default enable bbb
3. Configure the RADIUS server:
# Create RADIUS user aaa and enter its view.
[Figure 30 labels: Telnet user (192.168.1.2); Router A, NAS (Eth1/1 192.168.1.1/24, Eth1/2 10.1.1.1/24); Router B, RADIUS server (Eth1/1 10.1.1.2/24)]
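The following Python example is added here for illustration and is not part of the HP guide or Comware code. It builds the RADIUS Access-Request that the scheme rad settings in step 2 imply, following RFC 2865: the username is sent without its domain, NAS-IP-Address is 10.1.1.1, and User-Password is hidden with the shared key abc. The userid@domain login form, the function names and any password passed in are assumptions made for the example.

```python
import hashlib
import ipaddress
import os
import struct

SECRET = b"abc"      # shared key from: primary authentication 10.1.1.2 1645 key abc
NAS_IP = "10.1.1.1"  # from: nas-ip 10.1.1.1

def strip_domain(login):
    # user-name-format without-domain; the userid@domain login form is an assumption
    return login.split("@", 1)[0]

def _xor_blocks(data, secret, authenticator, decrypt=False):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res
    return out

def hide_password(password, secret, authenticator):
    size = max(1, -(-len(password) // 16)) * 16  # null-pad to a multiple of 16
    return _xor_blocks(password.ljust(size, b"\x00"), secret, authenticator)

def reveal_password(hidden, secret, authenticator):
    # Server side: undo the hiding with the same shared key and Request Authenticator
    return _xor_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(login, password, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)  # Request Authenticator
    attrs = (attr(1, strip_domain(login).encode())                      # User-Name
             + attr(2, hide_password(password, SECRET, authenticator))  # User-Password
             + attr(4, ipaddress.IPv4Address(NAS_IP).packed))           # NAS-IP-Address
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet):
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos < len(packet):
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[kind] = packet[pos + 2:pos + length]
        pos += length
    return attrs
```

Only User-Password is hidden; User-Name and NAS-IP-Address travel in the clear, and the hiding depends entirely on the shared key configured on both the NAS and the RADIUS server.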