使用WinRadius服务器软件 搭建 radius 认证

1 试验目的ENSP+WinRadius 搭建 Radius认证

2 试验拓扑

3 LSW1作为Radius客户端，其上配置如下：

<LSW1>dis cu
#
sysname LSW1
#
vlan batch 10 30
#
domain xk admin //配置后传到Radius服务器的用户名就不带域名，若没有此命令会带有域名，造成和服务器配置的用户名不一致
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
radius-server template sertemp1
 radius-server shared-key simple xk123
 radius-server authentication 202.10.1.22 1812
 radius-server accounting 202.10.1.22 1813
 undo radius-server user-name domain-included
#
drop-profile default
#
aaa
 authentication-scheme default
 authentication-scheme auth1
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 accounting-scheme acc1
  accounting-mode radius
 domain default
 domain default_admin
 domain xk
  authentication-scheme auth1
  accounting-scheme acc1
  radius-server  sertemp1
 local-user admin password simple admin
 local-user admin service-type http
 local-user admin@xk password cipher XJUN8<9N-:5NZPO3JBXBHA!!
 local-user admin@xk privilege level 15
 local-user admin@xk service-type telnet
#
interface Vlanif1
#
interface Vlanif10
 ip address 202.10.1.254 255.255.255.0
#
interface Vlanif30
 ip address 12.0.0.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#

user-interface con 0  //必须配置
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15

--------------------------------------------------------------------------------------------------------------------

服务器配置

须与radius 客户端服务器模板配置参数保持一致

服务器上添加需要认证的账号：