Issue Description
FAQ-How user without domain name could access to AR router?
Solution
FAQ-How user without domain name could access to AR router?
A: The common configuration is as following.
radius-server template domain_test
radius-server shared-key cipher %@%@&N=i)rz0;DEvm/AAPN|*KVzI%@%@
radius-server authentication 172.1.1.10 1812 weight 80
radius-server accounting 172.1.1.10 1813 weight 80
undo radius-server user-name domain-included
aaa
authentication-scheme domain_test
authentication-mode radius
accounting-scheme domain_test
accounting-mode radius
accounting start-fail online
domain default
domain default_admin
domain test
authentication-scheme domain_test
accounting-scheme domain_test
radius-server domain_test
local-user admin password cipher %@%@2″[nGpny~&CK&PFl_ls),~BJ%@%@
local-user admin privilege level 15
local-user admin service-type SSH web http
In order to achieve user with domain name could access AR router. We need to add below command
domain test admin ///Change the configured domain test to admin domain for administrator user.
Because customer also want to local account on AR router still works. We need to change authentication-scheme.
authentication-scheme domain_test
authentication-mode local radius ///Add local authentication for access user.
The test result show the configuration works fine.
Local account on AR router
Radius user:
A: The common configuration is as following.
radius-server template domain_test
radius-server shared-key cipher %@%@&N=i)rz0;DEvm/AAPN|*KVzI%@%@
radius-server authentication 172.1.1.10 1812 weight 80
radius-server accounting 172.1.1.10 1813 weight 80
undo radius-server user-name domain-included
aaa
authentication-scheme domain_test
authentication-mode radius
accounting-scheme domain_test
accounting-mode radius
accounting start-fail online
domain default
domain default_admin
domain test
authentication-scheme domain_test
accounting-scheme domain_test
radius-server domain_test
local-user admin password cipher %@%@2″[nGpny~&CK&PFl_ls),~BJ%@%@
local-user admin privilege level 15
local-user admin service-type SSH web http
In order to achieve user with domain name could access AR router. We need to add below command
domain test admin ///Change the configured domain test to admin domain for administrator user.
Because customer also want to local account on AR router still works. We need to change authentication-scheme.
authentication-scheme domain_test
authentication-mode local radius ///Add local authentication for access user.
The test result show the configuration works fine.
Local account on AR router
Radius user:
Leave a comment