365
Figure 148 Network diagram
Table 14 Interface and IP address assignment
Device
Interface
IP address
Device
Interface IP address
Hub 1
GE2/0/1
1.0.0.1/24
Spoke 1
GE2/0/1
1.0.0.3/24
Tunnel1
192.168.0.1/24
GE2/0/2 192.168.1.1/24
Hub 2
GE2/0/1
1.0.0.2/24
Tunnel1 192.168.0.3/24
Tunnel1
192.168.0.2/24
Spoke 2
GE2/0/1
1.0.0.4/24
AAA server
1.0.0.10/24
GE2/0/2
192.168.2.1/24
Primary server
GE2/0/1
1.0.0.11/24
Tunnel1
192.168.0.4/24
Secondary server
GE2/0/1 1.0.0.12/24
Configuring the primary VAM server
1.
Configure IP addresses for the interfaces. (Details not shown.)
2.
Configure AAA:
# Configure RADIUS scheme
abc
.
<PrimaryServer> system-view
[PrimaryServer] radius scheme abc
[PrimaryServer-radius-abc] primary authentication 1.0.0.10 1812
[PrimaryServer-radius-abc] primary accounting 1.0.0.10 1813
[PrimaryServer-radius-abc] key authentication simple 123
[PrimaryServer-radius-abc] key accounting simple 123
[PrimaryServer-radius-abc] user-name-format without-domain
[PrimaryServer-radius-abc] quit
[PrimaryServer] radius session-control enable
# Configure AAA methods for ISP domain
abc
.
[PrimaryServer] domain abc
[PrimaryServer-isp-abc] authentication advpn radius-scheme abc
[PrimaryServer-isp-abc] accounting advpn radius-scheme abc
IP network
Spoke1
Spoke2
Site 1
Site 2
Hub1
Hub2
Tunnel1
Tunnel1
Tunnel1
Tunnel1
Primary server
Secondary server
AAA server
GE2/0/1
GE2/0/1
GE2/0/1
GE2/0/1
GE2/0/1
GE2/0/1
GE2/0/2
GE2/0/2
Hub-to-Hub static tunnel
Hub-to-Spoke static tunnel