Published January 9, 2024 (author: 赖明)
1. RADIUS Configuration
RADIUS client configuration:
Cisco device examples:
Switch and router configuration:
aaa new-model
aaa authentication login auth group radius local //Set the order of login authentication methods
radius-server host 139.123.252.245 auth-port 1812 acct-port 1813
//Configure the RADIUS server IP address and ports.
radius-server host 139.123.252.244 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key ZDBF%51 //Configure the shared key
line vty 0 4
login authentication auth
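A consistency check for the switch and router configuration above, as an added example that is not part of the original page: it verifies that the method list applied under the vty lines is defined, uses RADIUS, and falls back to local. The function name audit_ios_aaa, the set of checks, and the placeholder key are assumptions made for this example.

```python
import re

# Constructed sample: the switch/router configuration above with the inline
# // annotations removed and a placeholder key (EXAMPLE-KEY).
SAMPLE = """\
aaa new-model
aaa authentication login auth group radius local
radius-server host 139.123.252.245 auth-port 1812 acct-port 1813
radius-server host 139.123.252.244 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key EXAMPLE-KEY
line vty 0 4
 login authentication auth
"""


def audit_ios_aaa(config):
    """Return findings for an IOS-style RADIUS login configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    if sum(ln.startswith("radius-server host ") for ln in lines) < 2:
        findings.append("fewer than two RADIUS servers configured")
    if not any(ln.startswith("radius-server key ") for ln in lines):
        findings.append("no RADIUS shared key configured")
    # Method lists defined by 'aaa authentication login <name> <methods...>'.
    method_lists = {}
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
    # Every list applied to a line must exist, use RADIUS, and fall back to local.
    for ln in lines:
        m = re.match(r"login authentication (\S+)", ln)
        if not m:
            continue
        name, methods = m.group(1), method_lists.get(m.group(1))
        if methods is None:
            findings.append(f"method list '{name}' is applied but not defined")
        elif "radius" not in methods:
            findings.append(f"method list '{name}' does not use RADIUS")
        elif "local" not in methods[methods.index("radius") + 1:]:
            findings.append(f"method list '{name}' has no local fallback")
    return findings


if __name__ == "__main__":
    print(audit_ios_aaa(SAMPLE) or "no findings")
```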
PIX firewall configuration:
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server rsa_radius protocol radius
aaa-server auth protocol radius
aaa-server auth (inside) host 192.168.41.226 ZDBF%51 timeout 10
aaa-server LOCAL protocol tacacs+
aaa-server radius protocol radius
aaa authentication telnet console auth
Huawei device examples:
VRP 3.X configuration:
radius scheme auth
primary authentication 192.168.41.226 1812 //Configure the primary server IP address and port
primary accounting 192.168.41.226 1813
secondary authentication 192.168.41.227 1812 //Configure the backup server IP address and port
secondary accounting 192.168.41.227 1813
key authentication ZDBF%51 //Configure the shared key
key accounting ZDBF%51
user-name-format without-domain
domain auth
scheme radius-scheme auth local
accounting optional
domain default enable auth
user-interface vty 0 4
authentication-mode scheme
VRP 5.X configuration:
radius scheme auth
primary authentication 192.168.41.226 1812 //Configure the primary server IP address and port
primary accounting 192.168.41.226 1813
secondary authentication 192.168.41.227 1812 //Configure the backup server IP address and port
secondary accounting 192.168.41.227 1813
key authentication ZDBF%51 //Configure the shared key
key accounting ZDBF%51
domain auth
authentication default radius-scheme auth local //Configure the AAA authentication mode
authorization default radius-scheme auth local //Configure the AAA authorization mode
accounting optional
domain default enable auth
user-interface vty 0 4
authentication-mode scheme
Huawei E100, E200 and E500 configuration:
radius-server template auth
radius-server shared-key ZDBF%51
radius-server authentication 192.168.41.226 1812
radius-server authentication 192.168.41.227 1812 secondary
radius-server accounting 192.168.41.226 1813
radius-server accounting 192.168.41.227 1813 secondary
aaa
local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
authentication-scheme default
authentication-mode radius local
#
authorization-scheme default
#
accounting-scheme default
#
domain default
radius-server auth
NETSCREEN device example:
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth-server "radius" id 1
set auth-server "radius" server-name "192.168.41.226"
set auth-server "radius" backup1 "192.168.41.227"
set auth-server "radius" account-type auth
set auth-server "radius" radius port 1812
set auth-server "radius" radius secret "ZDBF%51"
set auth default auth server "radius"
set admin auth server "radius"
set admin privilege read-write