25
• Configure hostname-to-IP address mappings for the VPN by using the ip host or ipv6 host
command.
• Configure a DNS server for the VPN by using the dns server or ipv6 dns server command.
For more information about these commands, see Layer 3—IP Services Command Reference.
To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter RADIUS scheme view.
radius scheme radius-scheme-name N/A
3. Specify RADIUS accounting
servers.
• Specify the primary RADIUS
accounting server:
primary accounting { host-name |
ipv4-address | ipv6 ipv6-address }
[ port-number | key { cipher |
simple } string | vpn-instance
vpn-instance-name ] *
• Specify a secondary RADIUS
accounting server:
secondary accounting { host-name |
ipv4-address | ipv6 ipv6-address }
[ port-number | key { cipher |
simple } string | vpn-instance
vpn-instance-name ] *
By default, no accounting
server is specified.
The host-name argument is
available in Release 2310
and later versions.
Two accounting servers in a
scheme, primary or
secondary, cannot have the
same combination of
hostname, IP address, port
number, and VPN.
4. (Optional.) Set the maximum
number of real-time
accounting attempts.
retry realtime-accounting retry-times The default setting is 5.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and server use the MD5 algorithm and shared keys to generate the Authenticator
value for packet authentication and user password encryption. They must use the same key for each type
of communication.
A key configured in this task is for all servers of the same type (accounting or authentication) in the
scheme, and has a lower priority than a key configured individually for a RADIUS server.
To specify a shared key for secure RADIUS communication:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3. Specify a shared key for
secure RADIUS
communication.
key { accounting | authentication }
{ cipher | simple } string
By default, no shared key is
specified.
The shared key configured on the
device must be the same as that
configured on the RADIUS server.
To Next Page
Loading...
Need help?
General
