1-24
To do… Use the command… Remarks
Set the maximum number of
stop-accounting request
transmission attempts
retry stop-accounting
retry-times
Optional
500 by default
Set the maximum number of
accounting request
transmission attempts
retry realtime-accounting
retry-times
Optional
5 by default
z It is recommended to specify only the primary RADIUS accounting server if backup is not
required.
z If both the primary and secondary accounting servers are specified, the secondary one is used
when the primary one is not reachable.
z In practice, you can specify two RADIUS servers as the primary and secondary accounting
servers respectively, or specify one server to function as the primary accounting server in a
scheme and the secondary accounting server in another scheme. Besides, because RADIUS
uses different UDP ports to receive authentication/authorization and accounting packets, the port
for authentication/authorization must be different from that for accounting.
z You can set the maximum number of stop-accounting request transmission buffer, allowing the
device to buffer and resend a stop-accounting request until it receives a response or the number
of transmission retries reaches the configured limit. In the latter case, the device discards the
packet.
z You can set the maximum number of accounting request transmission attempts on the device,
allowing the device to disconnect a user when the number of accounting request transmission
attempts for the user reaches the limit but it still receives no response to the accounting request.
z The IP addresses of the primary and secondary accounting servers cannot be the same.
Otherwise, the configuration fails.
z Currently, RADIUS does not support keeping accounts on FTP users.
Setting the Shared Key for RADIUS Packets
The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between
them and a shared key to verify the packets. Only when the same key is used can they properly
receive the packets and make responses.
Follow these steps to set the shared key for RADIUS packets:
To do… Use the command… Remarks
Enter system view system-view —
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined by default
Set the shared key for RADIUS
authentication/authorization or
accounting packets
key { accounting |
authentication } string
Required
No key by default
To Next Page
Loading...
