RADIUS Configuration Task List 255
■ In an actual network environment, you can specify one server as both the
primary and secondary authentication/authorization servers, as well as
specifying two RADIUS servers as the primary and secondary
authentication/authorization servers respectively.
■ The IP address and port number of the primary authentication server used by
the default RADIUS scheme "system" are 127.0.0.1 and 1645.
Configuring RADIUS
Accounting Servers
n
■ In an actual network environment, you can specify one server as both the
primary and secondary accounting servers, as well as specifying two RADIUS
servers as the primary and secondary accounting servers respectively. In
addition, because RADIUS adopts different UDP ports to exchange
authentication/authorization messages and accounting messages, you must set
a port number for accounting different from that set for
authentication/authorization.
Tab le 192 Configure RADIUS accounting servers
Operation Command Remarks
Enter system view system-view -
Create a RADIUS scheme and
enter its view
radius scheme
radius-scheme-name
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
Set the IP address and port
number of the primary
RADIUS accounting server
primary accounting
ip-address [ port-number ]
Required
By default, the IP address and
UDP port number of the
primary accounting server are
0.0.0.0 and 1813 for a newly
created RADIUS scheme.
Set the IP address and port
number of the secondary
RADIUS accounting server
secondary accounting
ip-address [ port-number ]
Optional
By default, the IP address and
UDP port number of the
secondary accounting server
are 0.0.0.0 and 1813 for a
newly created RADIUS
scheme.
Enable stop-accounting
request buffering
stop-accounting-buffer
enable
Optional
By default, stop-accounting
request buffering is enabled.
Set the maximum number of
transmission attempts of a
buffered stop-accounting
request.
retry stop-accounting
retry-times
Optional
By default, the system tries at
most 500 times to transmit a
buffered stop-accounting
request.
Set the maximum allowed
number of continuous
real-time accounting failures
retry realtime-accounting
retry-times
Optional
By default, the maximum
allowed number of
continuous real-time
accounting failures is five. If
five continuous failures occur,
the switch cuts down the user
connection.
To Next Page
Loading...
