24
2.
Create a RADIUS scheme
and enter RADIUS scheme
view.
radius scheme
radius-scheme-name
The default setting depends on
the type of the startup
configuration:
• If the device starts up with
initial settings,
scheme is defined.
• If the device starts up with
the factory defaults, a
RADIUS scheme named
system is defined.
For more information about the
startup configuration, see
Fundamentals Configuration
Guide.
Specifying the RADIUS authentication servers
A RADIUS authentication server completes authentication and authorization together, because
authorization information is piggybacked in authentication responses sent to RADIUS clients.
You can specify one primary authentication server and a maximum of 16 secondary authentication
servers for a RADIUS scheme. When the primary server is not available, the device searches for the
secondary servers in the order they are configured. The first secondary server in active state is used
for communication.
If redundancy is not required, specify only the primary server. A RADIUS authentication server can
act as the primary authentication server for one scheme and a secondary authentication server for
another scheme at the same time.
When RADIUS server load sharing is enabled, the device distributes the workload over all servers
without considering the primary and secondary server roles. The device checks the weight value and
number of currently served users for each active server, and then determines the most appropriate
server in performance to receive an authentication request.
To specify a RADIUS server by hostname in an MPLS VPN network, first complete one of the
following tasks on the device:
• Configure hostname-to-IP address mappings for the VPN by using the ip host or ipv6 host
command.
• Configure a DNS server for the VPN by using the dns server or ipv6 dns server command.
For more information about these commands, see Layer 3—IP Services Command Reference.
To specify RADIUS authentication servers for a RADIUS scheme:
1. Enter system view.
N/A
2. Enter RADIUS scheme
view.
radius scheme
radius-scheme-name N/A
3. Specify RADIUS
authentication servers.
•
Specify the primary RADIUS
authentication server:
primary authentication
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
key { cipher | simple } string |
test-profile profile-name |
vpn-instance
vpn-instance-name | weight
weight-value ] *
• Specify a secondary RADIUS
By default
server is specified.
Two authentication servers in a
scheme, primary or secondary,
cannot have the same
combination of hostname, IP
address, port number, and VPN.
The
weight
weight-value option
takes effect only when the
RADIUS server load sharing
To Next Page
Loading...
Need help?
General