Using RADIUS for Telnet Login Authentication
[Requirements]
To telnet to the router, a user must enter the user name h3c and the password h3c, which are authenticated by the RADIUS server.
[Configuration script]
Configuration script (RouterA)
#
sysname Quidway
#
radius scheme system
radius scheme test /Create the RADIUS scheme test/
primary authentication 192.168.1.100 /Configure address and port number of the primary authentication server/
key authentication test /Configure shared key/
user-name-format without-domain /Set the account format to without domain name/
#
domain system
scheme radius-scheme test /Apply the RADIUS scheme test/
accounting optional /Enable accounting optional/
#
interface Ethernet1/0/0
ip address 192.168.1.254 255.255.255.0
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme /Set scheme authentication/
#
return
[Verification]
Telnet to the router and enter the user name h3c and the password h3c. The login succeeds once the RADIUS server has authenticated the account and password.
[Tip]
1. After creating the account and password h3c/h3c on the RADIUS server, you can use the account to telnet to the router.
2. If the user-name-format without-domain command is not configured, the user name sent by the router includes the domain name (h3c@system), and the authentication will fail.
3. Make sure that the key on the router is the same as that on the RADIUS server.
4. In this mode, only the account is authenticated and no accounting is needed, so the parameters of the accounting server are not configured and accounting optional is enabled.
If no accounting server is available or communication with the accounting server fails, the user can keep using the network resources when the accounting optional command is configured; otherwise, the user is cut off. This command is usually used when only authentication is required (no accounting).
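Tips 2 and 3 can be seen at the packet level. The following is an added example, not part of the original configuration case or any H3C code: it builds the Access-Request the router would send and parses it the way a RADIUS server would, using the User-Password hiding defined in RFC 2865. The function names, the fixed authenticator and the mismatched key "wrong" are constructed for illustration.

```python
import hashlib
import socket
import struct

def mask_password(data, secret, authenticator, data_is_hidden):
    """RFC 2865 User-Password hiding: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += block
        prev = data[i:i + 16] if data_is_hidden else block
    return out

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def access_request(user, password, secret, domain, without_domain, authenticator,
                   nas_ip="192.168.1.254"):
    """Build the Access-Request (code 1) the router would send for a telnet login."""
    # user-name-format without-domain strips "@domain" before sending
    name = user if without_domain else f"{user}@{domain}"
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)          # pad to a multiple of 16 bytes
    attrs = (attr(1, name.encode())                                   # User-Name
             + attr(2, mask_password(pw, secret, authenticator, False))  # User-Password
             + attr(4, socket.inet_aton(nas_ip)))                     # NAS-IP-Address
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def server_view(packet, secret):
    """Parse the packet as the RADIUS server would, using the server's own copy of the key."""
    length = struct.unpack("!H", packet[2:4])[0]
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    password = mask_password(attrs[2], secret, authenticator, True).rstrip(b"\x00")
    return attrs[1].decode(), password

if __name__ == "__main__":
    auth = bytes(range(16))  # constructed; a real router uses a random authenticator
    ok = access_request("h3c", "h3c", b"test", "system", True, auth)
    print("keys match:      ", server_view(ok, b"test"))
    print("keys differ:     ", server_view(ok, b"wrong"))
    with_domain = access_request("h3c", "h3c", b"test", "system", False, auth)
    print("no without-domain:", server_view(with_domain, b"test"))
```

With matching keys the server recovers h3c/h3c; with a different key it recovers unrelated bytes and rejects the login, and without user-name-format without-domain it looks up h3c@system instead of h3c.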