to the RADIUS to ensure that users can get corresponding services from the RADIUS
server.
6.
(Optional) Run the
radius-server retransmit
command to set the maximum re-transmit
time of the RADIUS request packets. By default, the maximum re-transmit time is 3.
When the re-transmit time of the RADIUS request packets to a RADIUS server exceeds
the maximum re-transmit time, the MA5616 considers that its communication with the
RADIUS server is interrupted, and thus transmits the RADIUS request packets to another
RADIUS server.
7.
(Optional) Run the
(undo)radius-server user-name domain-included
command to
configure the user name (not) to carry the domain name when transmitted to the RADIUS
server. By default, the user name of the RADIUS server carries the domain name.
l
An access user is named in the format of
userid@domain-name
, and the part after @
is the domain name. The MA5616 classifies a user into a domain according to the
domain name.
l
If an RADIUS server group rejects the user name carrying the domain name, the
RADIUS server group cannot be set or used in two or more domains. Otherwise, when
some access users in different domains have the same user name, the RADIUS server
considers that these users are the same because the names transmitted to the server are
the same.
8.
Run the
quit
command to return to the global config mode.
Step 4
Create a domain.
A domain is a group of users of the same type.
In the user name format userid@domain-name (for example, [email protected]),
"userid" indicates the user name for authentication and "domain-name" followed by "@"
indicates the domain name.
The common domain name for login cannot exceed 15 characters, and the domain name for
802.1x authentication cannot exceed 20 characters.
1.
Run the
aaa
command to enter the AAA mode.
2.
In the AAA mode, run the
domain
command to create a domain.
Step 5
Use the authentication scheme.
You can use an authentication scheme in a domain only after the authentication scheme is
created.
In the domain mode, run the
authentication-scheme
command to use the authentication scheme.
Step 6
Use the accounting scheme.
You can use an accounting scheme in a domain only after the accounting scheme is created.
In the domain mode, run the
accounting-scheme
command to use the accounting scheme.
Step 7
Use the RADIUS server template.
NOTE
You can use a RADIUS server template in a domain only after the RADIUS server template is created.
1.
In the domain mode, run the
radius-server template
command to use the RADIUS server
template.
SmartAX MA5616 Multi-service Access Module
Configuration Guide
3 Basic Configuration
Issue 04 (2011-10-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
99