28
To do… Use the command… Remarks
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Specify a source IP address for
outgoing RADIUS packets
nas-ip { ip-address | ipv6
ipv6-address }
Required
By default, the IP address of the outbound
interface is used as the source IP address.
Specifying a backup source IP address for outgoing RADIUS packets
In a stateful failover scenario, the active switch authenticates portal users by interacting with the RADIUS
server, and synchronizes its online portal user information to the standby switch through the backup link
established between them. The standby switch only receives and processes synchronization messages
from the active switch. However, when the active switch fails, the RADIUS server does not send RADIUS
packets to the standby switch because it does not know the IP address of the standby switch. To solve this
problem, configure the source IP address for outgoing RADIUS packets on each switch as the backup
source IP address for outgoing RADIUS packets on the other switch. With such configuration, the active
switch will send the source IP address for outgoing RADIUS packets that is configured on the standby
switch to the RADIUS server, so that the RADIUS server can send unsolicited RADIUS packets to the
standby switch.
You can specify a backup IP address for outgoing RADIUS packets in RADIUS scheme view for a specific
RADIUS scheme, or in system view for all RADIUS schemes whose servers are in a VPN or the public
network. Before sending a RADIUS packet, a NAS selects a backup source IP address in this order:
1. The backup source IP address specified for the RADIUS scheme.
2. The backup source IP address specified in system view for the VPN or public network, depending
on where the RADIUS server resides.
If no backup source IP address is specified in the views, the NAS sends no backup source IP address to
the server.
Follow these steps to specify a backup source IP address for all RADIUS schemes of a VPN or the public
network:
To do… Use the command… Remarks
Enter system view system-view —
Specify a backup source IP
address for outgoing RADIUS
packets
radius nas-backup-ip ip-address
[ vpn-instance vpn-instance-name ]
Required
Not specified by default.
Follow these steps to specify a backup source IP address for a RADIUS scheme:
To do… Use the command… Remarks
Enter system view system-view —
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Specify a backup source IP
address for outgoing RADIUS
packets
nas-backup-ip ip-address
Required
Not specified by default.
To Next Page
Loading...
Need help?
General