The basic setup: we have 2 Cisco ACS servers acting as RADIUS/TACACS servers for network management purposes. Both the network devices and the VPN service on the ASA cluster authenticate against them. Setting up Cisco and HP Procurve to use RADIUS is almost the same, but Comware differs significantly.
After an afternoon well spent, here's what I've come up with:
#
local-server nas-ip 127.0.0.1 key 3com
#
radius scheme system
 nas-ip 127.0.0.1
radius scheme ceu
 server-type standard
 primary authentication 10.0.0.10
 secondary authentication 10.0.0.11
 accounting optional
 key authentication XXXXXXX
 user-name-format without-domain
#
domain local
domain system
 scheme radius-scheme ceu
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme