Huawei ME60: Configuring the PPPoE-RADIUS Service
1. Create RADIUS authentication
#
radius-server source interface LoopBack0
radius-server group pppoe
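radius-server authentication 192.168.18.250 1812 weight 0 (authentication with the RADIUS server)
radius-server accounting 192.168.18.250 1813 weight 0 (accounting with the RADIUS server)
radius-server shared-key Hzbn22315 (shared key for RADIUS authentication)
undo radius-server user-name domain-included (strip the authentication domain suffix when authenticating with RADIUS, i.e. the domain part of "account@test")
radius-server authorization 192.168.18.250 shared-key Hzbn22315 server-group pppoe (shared key for RADIUS authentication)
2. Create the virtual template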
#
interface Virtual-Template0 (virtual template, used with RADIUS authentication)
ppp authentication-mode pap chap
ppp keepalive interval 30 retransmit 5
ppp delay-lcp-negotiation
#
aaa
authentication-scheme auth-radius (create auth-radius; RADIUS authentication by default)
accounting-scheme acc-radius (create acc-radius; RADIUS accounting by default)
accounting start-fail online // if accounting fails, the user still stays online
//aaa
authentication-scheme auth-radius
authentication-mode radius none
accounting-scheme acc-radius
accounting-mode radius-none
#
//
==============================================================================
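3. Create the domains and the PPPoE address pools
domain test (PPPoE group authenticated by RADIUS)
authentication-scheme auth-radius (authentication method)
accounting-scheme acc-radius (accounting method)
ip-pool test1 (bind the address pool)
radius-server group pppoe (RADIUS belongs to the pppoe group)
IP-Warning-Threshold 85 // raise an alarm when address usage exceeds 85%
domain test1 (leased line, no authentication)
authentication-scheme default0 (no authentication)
accounting-scheme default0 (no accounting)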
ip-pool test1
domain test2
authentication-scheme auth-radius
accounting-scheme acc-radius
ip-pool test2
radius-server group pppoe
domain test3
authentication-scheme default0
accounting-scheme default0
ip-pool test3
Address pools
ip pool test1 bas local
gateway 10.96.0.1 255.255.240.0
section 0 10.96.0.2 10.96.15.254
excluded-ip-address 10.96.0.23
dns-server 116.6.73.230 116.6.73.228
#
ip pool test2 bas local
gateway 10.96.16.1 255.255.240.0
section 0 10.96.16.2 10.96.31.250
dns-server 116.6.73.230 116.6.73.228
#
ip pool test3 bas local
gateway 219.137.196.58 255.255.255.252
section 0 219.137.196.57 219.137.196.57
excluded-ip-address 219.137.196.57
dns-server 116.6.73.228 116.6.73.230
4. Bind VLANs to the interface
interface GigabitEthernet1/1/0.1 (sub-interface)
user-vlan 1 4094
bas
#
access-type layer2-subscriber default-domain authentication test2
authentication-method ppp web (users who dial in over PPPoE come up on the test2 pool with the default authentication domain appended: account@test2)
static-user 10.96.0.23 10.96.0.23 gateway 10.96.0.1 interface GigabitEthernet1/1/0.1 vlan 998 domain-name test1 detect
static-user 219.137.196.57 219.137.196.57 gateway 219.137.196.58 interface GigabitEthernet1/1/1.1 vlan 998 domain-name test3 detect
(leased-line IPs bound to a VLAN)
5. Set up remote management: SSH and Telnet
stelnet server enable (SSH: enable the remote management service)
ssh authentication-type default password
user-interface con 0
authentication-mode aaa (AAA authentication: user name and password)
user privilege level 15
idle-timeout 0 0 (never times out)
user-interface aux 0
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh vty 0 4 (managed over the SSH protocol)
user-interface vty 16 20
authentication-mode aaa
user privilege level 10
set authentication password cipher @-T`2'&EQ[3JJB.&]^VP,!!!
idle-timeout 5 0
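
A review aid for the configuration above, added here as an example and not part of the original page or of any Huawei tooling: it walks a flat config laid out as on this page and reports which domains can admit subscribers without a RADIUS accept, plus the PAP, accounting-failure and idle-timeout settings. It assumes that a later mode in `authentication-mode radius none` is used when RADIUS gives no response, and that `default0` means no authentication as the page annotates it; `SAMPLE` and the function name `audit` are constructed for the example.

```python
# SAMPLE is constructed from commands shown on the page; it is not a device export.
SAMPLE = """\
interface Virtual-Template0
ppp authentication-mode pap chap
aaa
authentication-scheme auth-radius
authentication-mode radius none
accounting-scheme acc-radius
accounting start-fail online
domain test
authentication-scheme auth-radius
domain test1
authentication-scheme default0
user-interface con 0
authentication-mode aaa
idle-timeout 0 0
"""

def audit(config):
    """Return sorted (context, finding) pairs for settings that weaken access control."""
    found, modes, dom_scheme = set(), {}, {}
    kind, name = None, ""
    for raw in config.splitlines():
        w = raw.split("//")[0].split() or ["#"]      # drop // annotations and blank lines
        line = " ".join(w)
        if w[0] in ("domain", "interface", "user-interface", "aaa") or w[:2] == ["ip", "pool"]:
            kind, name = w[0], " ".join(w[1:])       # a new block starts
        elif len(w) > 1 and w[0] == "authentication-scheme" and kind == "domain":
            dom_scheme[name] = w[1]                  # reference from inside a domain
        elif len(w) > 1 and w[0].endswith("-scheme") and kind != "domain":
            kind, name = w[0], w[1]                  # scheme definition under aaa
        elif w[0] == "authentication-mode" and kind == "authentication-scheme":
            modes[name] = w[1:]                      # not the user-interface command
        elif w[:2] == ["ppp", "authentication-mode"] and "pap" in w[2:]:
            found.add((f"interface {name}", "PAP offered: password crosses the PPP link in cleartext"))
        elif line == "accounting start-fail online":
            found.add((f"accounting-scheme {name}", "users stay online when accounting start fails"))
        elif line == "idle-timeout 0 0" and kind == "user-interface":
            found.add((f"user-interface {name}", "management session never times out"))
    for dom, scheme in dom_scheme.items():
        if scheme == "default0":                     # annotated on the page as no authentication
            found.add((f"domain {dom}", "no authentication (default0)"))
        elif modes.get(scheme, [])[-1:] == ["none"]:
            found.add((f"domain {dom}", f"{scheme} falls back to none if RADIUS does not answer"))
    return sorted(found)

if __name__ == "__main__":
    for ctx, msg in audit(SAMPLE):
        print(f"{ctx}: {msg}")
```

Strip the inline parenthesised annotations from a saved config before passing it in; only `//` comments are removed by the function.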