544 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
3 Configure RADIUS server
[Router] radius server 129.7.66.66 authentication-port 1000
accounting-port 1001
[Router] radius server 129.7.66.67
4 Configure RADIUS server shared secret, retransmission times, and time length of
timeout timer
[Router] radius shared-key this-is-my-secret
[Router] radius retry 2
5 Configure real-time accounting with interval of 5 minutes
[Router] radius timer realtime-accounting 5
Authenticating an FTP
Use
r
The authentication server is 129.7.66.66, numbers of ports being 1812 and 1813.
Authenticate and charge FTP users using RADIUS server first, and if there is no
response, do not authenticate or charge them.
See Figure 169.
1 Enable AAA and configure default authentication method list of FTP user.
[Router]aaa-enable
[Router]aaa authentication-scheme login default radius none
2 Enable FTP server
[Router]ftp-server enable
3 Configure user abc and authorize the user to use FTP service.
[Router] local-user abc service-type ftp password simple hello
4 Configure RADIUS server IP address and port, using default port number
[Router]radius server 129.7.66.66
5 Configure RADIUS server shared secret, retransmission times, timeout and RADIUS
server dead time.
[Router] rad shared-key this-is-my-secret
[Router] radius retry 4
[Router] radius timer response-timeout 2
[Router] radius timer quiet 1
Troubleshooting AAA
and RADIUS
Local user authentication is always rejected
Follow the steps below.
1 Check whether correct password has been configured in local-user command.
2 Check whether the authorized service-type is correct.
3 When RADIUS server accounting is used, and the command aaa
accounting-scheme optional
is not configured, check whether the RADIUS
server can be pinged through. Also check whether the address, port number and
key of RADIUS server configured on the router for accounting are identical with
those on the RADIUS server in use.
4 If the operation above does not work, use the radius server command to
reconfigure the RADIUS server. Because of the communication failure with the
RADIUS server mentioned. RADIUS server is considered by the system as