R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
29
Figure 4 Network diagram
Configuration procedure
Make sure the settings on the router and the RADIUS server match.
1. Configure the router:
# Assign an IP address to GigabitEthernet 2/1/1, the interface connected to the Telnet user.
<Router> system-view
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet2/1/1] quit
# Assign an IP address to GigabitEthernet 2/1/2, the interface connected to the FreeRADIUS
server.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] ip address 10.1.1.2 255.255.255.0
[Router-GigabitEthernet2/1/2] quit
# Enable Telnet server.
[Router] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Create the RADIUS scheme rad and enter RADIUS scheme view.
[Router] radius scheme rad
# Specify the primary authentication and authorization server address 10.1.1.1 and the service
port 1812 in the scheme.
[Router-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key to expert in the scheme for the router to authenticate to the server.
[Router-radius-rad] key authentication expert
[Router-radius-rad] quit
# Specify the scheme rad as the authentication and authorization schemes for the ISP domain bbb.
IMPORTANT:
Because RADIUS user authorization information is piggybacked in authentication responses, the
authentication and authorization methods must use the same RADIUS scheme.