24
You can specify one primary authentication server and up to 16 secondary authentication servers for a
RADIUS scheme. When the primary server is not available, the device tries to communicate with the
secondary servers in the order they are configured, and communicates with the first secondary server in
active state. If redundancy is not required, specify only the primary server. A RADIUS authentication
server can function as the primary authentication server for one scheme and a secondary authentication
server for another scheme at the same time.
To specify a RADIUS server by hostname in an MPLS VPN network, first complete one of the following
tasks on the device:
• Configure hostname-to-IP address
mappings for the VPN by using the ip host or ipv6 host
command.
• Configure a DNS server for the VPN by using the dns server or ipv6 dns server command.
For more information about these commands, see Layer 3—IP Services Command Reference.
To specify RADIUS authentication servers for a RADIUS scheme:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter RADIUS scheme
view.
radius scheme radius-scheme-name N/A
3. Specify RADIUS
authentication servers.
• Specify the primary RADIUS
authentication server:
primary authentication { host-name
| ipv4-address | ipv6
ipv6-address } [ port-number | key
{ cipher | simple } string |
vpn-instance vpn-instance-name ] *
• Specify a secondary RADIUS
authentication server:
secondary authentication
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number | key
{ cipher | simple } string |
vpn-instance vpn-instance-name ] *
By default, no authentication server
is specified.
The host-name argument is
available in Release 2310 and
later versions.
Two authentication servers in a
scheme, primary or secondary,
cannot have the same combination
of hostname, IP address, port
number, and VPN.
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, the device tries to communicate with the secondary
servers in the order they are configured, and communicates with the first secondary server in active state.
If redundancy is not required, specify only the primary server. A RADIUS accounting server can function
as the primary accounting server for one scheme and a secondary accounting server for another scheme
at the same time.
When the device receives a connection teardown request from a host or a connection teardown
command from an administrator, it sends a stop-accounting request to the accounting server. When the
maximum number of real-time accounting attempts is reached, the device disconnects users who have no
accounting responses.
RADIUS does not support accounting for FTP, SFTP, and SCP users.
To specify a RADIUS server by hostname in an MPLS VPN network, first complete one of the following
tasks on the device:
To Next Page
Loading...
Need help?
General
