The MA5680T is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.
To guarantee normal communication between the MA5600 and the RADIUS server, before configuring the IP address and UDP port of the RADIUS server, make sure that the route between the RADIUS server and the MA5600 is in the normal state.
Make sure that the configuration of the RADIUS service port of the MA5600 is consistent with the port configuration of the RADIUS server.
The RADIUS client (MA5600) and the RADIUS server use the MD5 algorithm to encrypt the RADIUS packets. They check the validity of the packets by setting the encryption key. They can receive the packets from each other and can respond to each other only when their keys are the same.
By default, the shared key of the RADIUS server is huawei.
User1 in the isp domain adopts the RADIUS protocol for authentication. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication server. On the RADIUS server, the authentication port ID is 1812, and the other parameters adopt the default values. To perform the preceding configuration, do as follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template hwtest
huawei(config-radius-hwtest)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-hwtest)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-hwtest)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp
huawei(config-aaa-domain-isp)#authentication-scheme newscheme
huawei(config-aaa-domain-isp)#radius-server hwtest
huawei(config MA5683T -aaa-domain-isp)#quit