766 CHAPTER 53: AAA/RADIUS/HWTACACS CONFIGURATION
n
■ In practice, you may specify two RADIUS servers as the primary and secondary
authentication/authorization servers respectively. At a moment, a server can be
the primary authentication/authorization server for a scheme and the
secondary authentication/authorization servers for another scheme.
■ The IP addresses of the primary and secondary authentication/authorization
servers for a scheme cannot be the same. Otherwise, the configuration fails.
Configuring the RADIUS
Accounting Servers and
Relevant Parameters
Follow these steps to specify the RADIUS accounting servers and perform related
configurations:
n
■ In practice, you can specify two RADIUS servers as the primary and secondary
accounting servers respectively; or specify one server to function as both.
Besides, because RADIUS uses different UDP ports to receive
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined by default
Configure the IP address and
UDP port of the primary
RADIUS
authentication/authorization
server
primary authentication
ip-address [ port-number ]
Required
The defaults are as follows:
0.0.0.0 for the IP address, and
1812 for the port.
Configure the IP address and
UDP port of the secondary
RADIUS
authentication/authorization
server
secondary authentication
ip-address [ port-number ]
Optional
The defaults are as follows:
0.0.0.0 for the IP address, and
1812 for the port.
To do… Use the command… Remarks
To do… Use the command… Remarks
Enter system view system-view -
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined by default
Configure the IP address and
UDP port of the primary
RADIUS accounting server
primary accounting
ip-address [ port-number ]
Required
The defaults are as follows:
0.0.0.0 for the IP address, and
1813 for the port.
Configure the IP address and
UDP port of the secondary
RADIUS accounting server
secondary accounting
ip-address [ port-number ]
Optional
The defaults are as follows:
0.0.0.0 for the IP address, and
1813 for the port.
Enable the device to buffer
stop-accounting requests
getting no responses
stop-accounting-buffer
enable
Optional
Enabled by default
Set the maximum number of
stop-accounting request
transmission attempts
retry stop-accounting
retry-times
Optional
500 by default
Set the maximum number of
accounting request
transmission attempts
retry realtime-accounting
retry-times
Optional
5 by default
To Next Page
Loading...
