To do: Specify the primary RADIUS authentication/authorization server
Use the command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | probe username name [ interval interval ] ] *

To do: Specify the secondary RADIUS authentication/authorization server
Use the command: secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | probe username name [ interval interval ] ] *

Remarks (both commands): Required. Configure at least one command. No authentication/authorization server is specified by default.
NOTE:
• If both the primary and secondary authentication/authorization servers are specified, the secondary
one is used when the primary one is not reachable.
• If redundancy is not required, specify only the primary RADIUS authentication/authorization server.
• In practice, you may specify one RADIUS server as the primary authentication/authorization server, and
up to 16 RADIUS servers as the secondary authentication/authorization servers, or specify a server as
the primary authentication/authorization server for a scheme and as the secondary
authentication/authorization servers for another scheme at the same time.
• The IP addresses of the primary and secondary authentication/authorization servers for a scheme must
be different from each other. Otherwise, the configuration will fail.
• All servers for authentication/authorization and accounting, primary or secondary, must use IP
addresses of the same IP version.
Specifying the RADIUS accounting servers and relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used, if any. When redundancy
is not required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the device
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the device receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the device to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the device discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter RADIUS scheme view
Use the command: radius scheme radius-scheme-name
Remarks: —

To do: Specify the primary RADIUS accounting server
Use the command: primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] *

To do: Specify the secondary RADIUS accounting server
Use the command: secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] *

Remarks (both accounting commands): Required. Configure at least one command. No accounting server is specified by default.
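
The server rules stated in the NOTE and in this section (one primary and up to 16 secondary servers per service, different primary and secondary authentication addresses, one IP version per scheme) can be checked on a planned change before it is pasted into a device. The following Python sketch is an added example, not part of the original guide or of any vendor tool; the function name lint_scheme, the scheme name, and the sample addresses and ports are constructed for illustration.

```python
import ipaddress
import re

# Matches the server commands from this section, for example
# "primary authentication 192.0.2.10 1812" or "secondary accounting ipv6 2001:db8::2".
SERVER_RE = re.compile(
    r"^\s*(primary|secondary)\s+(authentication|accounting)\s+(?:ipv6\s+)?(\S+)")
MAX_SECONDARY = 16  # limit stated in this section

# Constructed sample: same address reused for authentication, mixed IP versions.
SAMPLE_BAD = [
    "radius scheme example-scheme",            # hypothetical scheme name
    "primary authentication 192.0.2.10 1812",
    "secondary authentication 192.0.2.10 1812",
    "primary accounting ipv6 2001:db8::20 1813",
]


def lint_scheme(lines):
    """Return a list of rule violations for one RADIUS scheme's command lines."""
    problems = []
    servers = {}  # (role, service) -> list of parsed addresses
    for line in lines:
        m = SERVER_RE.match(line)
        if not m:
            continue  # not a server command, e.g. "radius scheme ..."
        role, service, addr = m.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"invalid address: {line.strip()}")
            continue
        servers.setdefault((role, service), []).append(ip)

    for service in ("authentication", "accounting"):
        prim = servers.get(("primary", service), [])
        sec = servers.get(("secondary", service), [])
        if len(prim) > 1:
            problems.append(f"{service}: more than one primary server")
        if len(sec) > MAX_SECONDARY:
            problems.append(f"{service}: more than {MAX_SECONDARY} secondary servers")
        # The guide states the distinct-address rule for authentication servers.
        if service == "authentication" and set(prim) & set(sec):
            problems.append(f"{service}: primary and secondary share an address")

    versions = {ip.version for ips in servers.values() for ip in ips}
    if len(versions) > 1:
        problems.append("scheme mixes IPv4 and IPv6 server addresses")
    return problems
```

Calling lint_scheme(SAMPLE_BAD) reports the shared authentication address and the mixed IP versions; an empty list means none of these rules is violated.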