Router User Manual

1 AAA troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
1-12 Nortel Networks Inc. Issue 01.01 (30 March 2009)
| Item | Sub-item | Description |
|---|---|---|
| Configuring AAA | Configure the authentication scheme | The RADIUS authentication mode is used. |
| Configuring AAA | Configure the accounting scheme | The RADIUS authentication mode is used. |
| Configuring AAA | Configure the domain nortel | A domain named nortel is created and is associated with the authentication scheme, accounting scheme, and RADIUS server template in the domain. |
| Enabling FTP server | Enable the FTP server | None. |
| Configuring the RADIUS server | Configure authentication and accounting ports | For example, 1812 is the authentication port number and 1813 is the accounting port number. |
| Configuring the RADIUS server | Configure the IP address and shared key for the NAS | Note that the shared key of the NAS should be the same as that on the RADIUS server template. |
| Configuring the RADIUS server | Configure user001 | In this example, the domain name is not included in the user name. You need to configure the password for user001. In addition, you need to configure the delivery FTP directory on the RADIUS server. |
- The following sections cover part of the commands for configuring AAA, RADIUS, and HWTACACS. For more information, see Nortel Secure Router 8000 Series Configuration Guide - Security (NN46240-600).
- RADIUS servers are configured differently, but they all support the preceding configurations.
Creating a RADIUS server template
Create a RADIUS server template and configure the IP addresses and the port for the
authentication server and accounting server. Note the following:
- The IP addresses of the RADIUS servers are routable.
- The port configuration on the NAS should be the same as the port configuration on the server.
- The shared key on the NAS should be the same as the shared key on the servers.
- In this example, the user name does not contain the domain name.
<Nortel> system-view
[Nortel] radius-server template rt_nortel
[Nortel-radius-rt_nortel] radius-server authentication 192.168.1.202 1812
[Nortel-radius-rt_nortel] radius-server accounting 192.168.1.202 1813
[Nortel-radius-rt_nortel] radius-server shared-key nortel
[Nortel-radius-rt_nortel] undo radius-server user-name domain-included