29
If you delete an accounting server that is serving users, the device no longer sends real-time
accounting requests or stop-accounting requests for the users to that server, or buffers the
stop-accounting requests.
RADIUS does not support accounting for FTP users.
To specify RADIUS accounting servers and set relevant parameters for a scheme:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3. Specify RADIUS accounting
servers.
• Specify the primary RADIUS
accounting server:
primary accounting
{ ip-address | ipv6
ipv6-address } [ port-number
| key [ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
• Specify a secondary
RADIUS accounting server:
secondary accounting
{ ip-address | ipv6
ipv6-address } [ port-number
| key [ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
Configure at least one command.
No accounting server is specified
by default.
The IP addresses of the primary
and secondary accounting
servers must be different from
each other. Otherwise, the
configuration fails.
All servers for
authentication/authorization and
accounting, primary or secondary,
must use IP addresses of the
same IP version.
In FIPS mode, the shared key for
secure RADIUS accounting
communication must be at least
eight characters that contain
digits, uppercase letters,
lowercase letters, and special
characters, and must use 3DES
for encryption and decryption.
4. Set the maximum number of
real-time accounting
attempts.
retry realtime-accounting
retry-times
Optional.
The default setting is 5.
5. Enable buffering of
stop-accounting requests to
which no responses are
received.
stop-accounting-buffer enable
Optional.
Enabled by default.
6. Set the maximum number of
stop-accounting attempts.
retry stop-accounting
retry-times
Optional.
The default setting is 500.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm and a shared key pair for packet
authentication and password encryption in a certain type of communication.
A shared key configured in RADIUS scheme view applies to all servers of the specified type
(accounting or authentication) in that scheme, and has a lower priority than those configured for
individual RADIUS servers.
To specify a shared key for secure RADIUS communication:
Step Command Remarks
1. Enter system view.
system-view
N/A
To Next Page
Loading...
Need help?
General
