(1)进入AAA视图。
[Quidway] aaa
(2)配置认证方案auth1,认证模式为RADIUS。
[Quidway–aaa] authentication-scheme auth1
[Quidway-aaa-authen-auth1] authentication-mode radius
[Quidway-aaa-authen-auth1] quit
(3)配置计费方案acct1,计费模式为RADIUS。
[Quidway–aaa] accounting-scheme acct1
[Quidway–aaa-accounting-acct1] accounting-mode radius
[Quidway–aaa-accounting-acct1] quit
[Quidway–aaa] quit
(4)配置RADIUS服务器组。
[Quidway] radius-server group shiva
(5)配置RADIUS主认证、计费服务器和端口。
[Quidway-radius-shiva] radius-server authentication 10.4.3.6 1812
[Quidway-radius-shiva] radius-server accounting 10.4.3.6 1813
(6)配置RADIUS备认证、计费服务器和端口。
[Quidway-radius-shiva] radius-server authentication 10.4.3.7 1812
[Quidway-radius-shiva] radius-server accounting 10.4.3.7 1813
(7)配置RADIUS服务器密钥、重传次数。
[Quidway-radius-shiva] radius-server shared-key this-is-my-secret
[Quidway-radius-shiva] radius-server retransmit 2
[Quidway-radius-shiva] quit
(8)如果需要在用户登录时将@后面的域名去掉则需要配置如下:
[Quidway-radius-shiva] undo radius-server user-name domain-included
(9)配置isp1域,在域下采用auth1认证方案、acct1计费方案、shiva的RADIUS服务器组和用户登录级别。
[Quidway] aaa
[Quidway-aaa] domain isp1
[Quidway-aaa-domain-isp1] authentication-scheme auth1
[Quidway-aaa-domain-isp1] accounting-scheme acct1
[Quidway-aaa-domain-isp1] radius-server group shiva
[Quidway-aaa-domain-isp1] adminuser-priority   1