The following configuration procedure covers most AAA/RADIUS configuration commands for the
device; configuration of the 802.1X client and the RADIUS server is omitted. For information about
AAA/RADIUS configuration commands, refer to AAA Configuration in the Security Volume.
# Configure the IP addresses for each interface. (Omitted)
# Add local access user localuser, enable the idle cut function, and set the idle cut interval.
<Device> system-view
[Device] local-user localuser
[Device-luser-localuser] service-type lan-access
[Device-luser-localuser] password simple localpass
[Device-luser-localuser] attribute idle-cut 20
[Device-luser-localuser] quit
# Create RADIUS scheme radius1 and enter its view.
[Device] radius scheme radius1
# Configure the IP addresses of the primary authentication and accounting RADIUS servers.
[Device-radius-radius1] primary authentication 10.1.1.1
[Device-radius-radius1] primary accounting 10.1.1.1
# Configure the IP addresses of the secondary authentication and accounting RADIUS servers.
[Device-radius-radius1] secondary authentication 10.1.1.2
[Device-radius-radius1] secondary accounting 10.1.1.2
# Specify the shared key for the device to exchange packets with the authentication server.
[Device-radius-radius1] key authentication name
# Specify the shared key for the device to exchange packets with the accounting server.
[Device-radius-radius1] key accounting money
# Set the interval for the device to retransmit packets to the RADIUS server and the maximum number
of transmission attempts.
[Device-radius-radius1] timer response-timeout 5
[Device-radius-radius1] retry 5
# Set the interval for the device to send real time accounting packets to the RADIUS server.
[Device-radius-radius1] timer realtime-accounting 15
# Configure the device to remove the domain name from any username before passing the username to the
RADIUS server.
[Device-radius-radius1] user-name-format without-domain
[Device-radius-radius1] quit
# Create domain aabbcc.net and enter its view.
[Device] domain aabbcc.net
# Set radius1 as the RADIUS scheme for users of the domain and specify local authentication as
the secondary scheme.
[Device-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Device-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Device-isp-aabbcc.net] accounting default radius-scheme radius1 local
# Set the maximum number of users for the domain as 30.
[Device-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Device-isp-aabbcc.net] idle-cut enable 20
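
The procedure above uses short sample secrets (localpass, name, money) and configures local authentication as the fallback. The following Python check is an added example, not part of the original manual: it scans a transcript of these commands and reports those credential settings before they reach a production device. The 16-character threshold follows the RFC 2865 preference for shared secrets of at least 16 octets; the function name audit and the embedded transcript are constructed for illustration.

```python
import re

# Constructed sample: credential-related commands copied from the procedure above.
SAMPLE = """\
<Device> system-view
[Device] local-user localuser
[Device-luser-localuser] password simple localpass
[Device-luser-localuser] quit
[Device] radius scheme radius1
[Device-radius-radius1] primary authentication 10.1.1.1
[Device-radius-radius1] key authentication name
[Device-radius-radius1] key accounting money
[Device-radius-radius1] quit
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication default radius-scheme radius1 local
"""

MIN_KEY_LEN = 16  # assumption: RFC 2865 prefers secrets of at least 16 octets

# Splits "[view] command" or "<view> command" into the view name and the command.
PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")

def audit(transcript):
    """Return (view, finding) tuples for credential settings worth reviewing."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # "#" comment line or blank line
        view, words = m.group(1), m.group(2).split()
        if view.startswith("Device-luser-") and words[:2] == ["password", "simple"]:
            findings.append((view, "local password set with the 'simple' (plaintext) keyword"))
        elif view.startswith("Device-radius-") and words[:1] == ["key"] and len(words) == 3:
            kind, secret = words[1], words[2]
            if len(secret) < MIN_KEY_LEN:
                findings.append(
                    (view, f"{kind} shared key is {len(secret)} chars, below {MIN_KEY_LEN}"))
        elif (view.startswith("Device-isp-") and words[:1] == ["authentication"]
              and words[-1] == "local"):
            # Fallback means the local-user password also guards network access.
            findings.append((view, "local fallback enabled; review local-user passwords"))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"{view}: {finding}")
```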