22 
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Create a RADIUS scheme and 
enter RADIUS scheme view. 
radius scheme 
radius-scheme-name 
No RADIUS scheme exists by 
default. 
 
  NOTE: 
 RADIUS scheme can be referenced by multiple ISP domains at the same time. 
 
Specifying the RADIUS authentication/authorization servers 
You can specify one primary authentication/authorization server and up to 16 secondary 
authentication/authorization servers for a RADIUS scheme. When the primary server is not available, a 
secondary server is used. In a scenario where redundancy is not required, specify only the primary 
server. 
In RADIUS, user authorization information is piggybacked in authentication responses sent to RADIUS 
clients. There is no separate RADIUS authorization server. 
You can enable the server status detection feature. With the feature, the switch periodically sends an 
authentication request to check whether or not the target RADIUS authentication/authorization server is 
reachable. If yes, the switch sets the status of the server to active. If not, the switch sets the status of the 
server to block. This feature can promptly notify authentication modules of latest server status information. 
For example, server status detection can work with the 802.1X critical VLAN feature, so that the switch 
can trigger 802.1X authentication for users in the critical VLAN immediately on detection of a reachable 
RADIUS authentication/authorization server. 
Follow these guidelines when you specify RADIUS authentication/authorization servers: 
•  The IP addresses of the primary and secondary authentication/authorization servers for a scheme 
must be different from each other. Otherwise, the configuration fails.  
•  All servers for authentication/authorization and accounting, primary or secondary, must use IP 
addresses of the same IP version. 
•  You can specify a RADIUS authentication/authorization server as the primary 
authentication/authorization server for one scheme and as the secondary 
authentication/authorization server for another scheme at the same time. 
To specify RADIUS authentication/authorization servers for a RADIUS scheme: 
 
Step Command  Remarks 
1.  Enter system view.  system-view  N/A 
2.  Enter RADIUS scheme view. 
radius scheme radius-scheme-name N/A