华为ME60 配置PPPOE-radius 业务
1.创建radius 认证
#
radius-server source interface LoopBack0
radius-server group pppoe
radius-server authentication 192.168.18.250 1812 weight 0 (与 redius 认证)
radius-server accounting 192.168.18.250 1813 weight 0 (与 redius 计费)
radius-server shared-key Hzbn22315 (与 redius 认证密钥)
undo radius-server user-name domain-included (跟 reduis 认证去掉认证域后缀 "账号@test 域")
radius-server authorization 192.168.18.250 shared-key Hzbn22315 server-group pppoe (与 reduis 认证密钥)
2.创建虚拟模板
#
interface Virtual-Template0 虚拟模板(与raduis认证)
ppp authentication-mode pap chap
ppp keepalive interval 30 retransmit 5
ppp delay-lcp-negotiation
#
aaa
authentication-scheme auth-radius 建 auth-radius (默认radius 认证)
accounting-scheme acc-radius 建 acc-radius (默认radius 计费)
accounting start-fail online //计费失败,用户仍然在线
//aaa
authentication-scheme auth-radius
authentication-mode radius none
accounting-scheme acc-radius
accounting-mode radius-none
#
//
==============================================================================
3.创建域domain 与创建 ppoe-pool地址池
domain test radius 认证的ppoe组
authentication-scheme auth-radius 认证方式
accounting-scheme acc-radius 计费方式
ip-pool test1 绑定pool地址池
radius-server group pppoe radius 属于PPOE组
IP-Warning-Threshold 85 //地址使用超过85%产生告警
domain test1 专线免认证
authentication-scheme default0 免认证
accounting-scheme default0 免计费
ip-pool test1
domain test2
authentication-scheme auth-radius
accounting-scheme acc-radius
ip-pool test2
radius-server group pppoe
domain test3
authentication-scheme default0
accounting-scheme default0
ip-pool test3
pool地址池
ip pool test1 bas local
gateway 10.96.0.1 255.255.240.0
section 0 10.96.0.2 10.96.15.254
excluded-ip-address 10.96.0.23
dns-server 116.6.73.230 116.6.73.228
#
ip pool test2 bas local
gateway 10.96.16.1 255.255.240.0
section 0 10.96.16.2 10.96.31.250
dns-server 116.6.73.230 116.6.73.228
#
ip pool test3 bas local
gateway 219.137.196.58 255.255.255.252
section 0 219.137.196.57 219.137.196.57
excluded-ip-address 219.137.196.57
dns-server 116.6.73.228 116.6.73.230
4.接口绑定vlan
interface GigabitEthernet1/1/0.1 子接口
user-vlan 1 4094
bas
#
access-type layer2-subscriber default-domain authentication test2
authentication-method ppp web 用户PPOE拨到(test2 pool)上来带上默认证域 (账号@test2)
static-user 10.96.0.23 10.96.0.23 gateway 10.96.0.1 interface GigabitEthernet1/1/0.1 vlan 998 domain-name test1 detect
static-user 219.137.196.57 219.137.196.57 gateway 219.137.196.58 interface GigabitEthernet1/1/1.1 vlan 998 domain-name test3 detect
(专线IP绑定VLAN)
5.创建远程管理 ssh 与 telnet
stelnet server enable ssh 开启远程管理服务
ssh authentication-type default password
user-interface con 0
authentication-mode aaa aaa认证方式 用户名与密码
user privilege level 15
idle-timeout 0 0 不超时
user-interface aux 0
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh vty 0 4 采用SSH协议管理
user-interface vty 16 20
authentication-mode aaa
user privilege level 10
set authentication password cipher @-T`2'&EQ[3JJB.&]^VP,!!!
idle-timeout 5 0