KB0021

Enable Radius Authentication for Comware 7

By Stephen Schwetz

I have over the course of my employment on numerous occasions needed to add radius authentication to comware based switches and routers. This is the current comware 7 template that I use for this

class="highlight">
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
system-view

radius scheme clearpass-scheme
 server-type extended
 primary authentication <primary_radius_server_ip>
 primary accounting <primary_radius_server_ip>

 !secondary authentication <secondary_radius_server_ip>
 !secondary accounting <secondary_radius_server_ip>
 key authentication <radius_key>
 key accounting <radius_key>
 user-name-format without-domain

 nas-ip <network_device_management_ip>
!

domain clearpass
 authentication login radius-scheme clearpass-scheme
 authorization login radius-scheme  clearpass-scheme
 accounting login radius-scheme radius-scheme
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
!


user-interface vty 0 15
 undo user privilege level 
 authentication-mode scheme
!
!# WARNING: Ensure RADIUS server is working properly prior activating this
domain default enable radius-domain
!
return

Related Posts

Share: Facebook LinkedIn