Command Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration Commands
Huawei Technologies Proprietary
1-39
View
System view
Parameter
nas-ip ip-address: Specifies the IP address of the local RADIUS server. Where,
ip-address is in dotted decimal notation.
key password: Specifies the shared key of the authentication server and access
server. Where, password is a character string of up to 16 characters.
Description
Use the local-server nas-ip command to create a local RADIUS authentication
server (that is, set the related parameters of the server).
Use the undo local-server nas-ip command to delete the specified local RADIUS
authentication server.
By default, a local RADIUS authentication server is used, whose default NAS-IP and
key are 127.0.0.1 and huawei respectively. That is, the local device serves as a
RADIUS authentication server and a network access server, and all authentications
are performed locally.
Note that:
z The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
z When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
z The packet encryption key set by the local-server nas-ip command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key authentication command in RADIUS
scheme view.
z The switch supports at most 16 IP addresses and shared keys of the network
access server (including the default local RADIUS authentication server); that is,
when the switch serves as a RADIUS authentication server, it can support at
most 16 network access servers simultaneously to provide authentication.
z As a local RADIUS authentication server, the switch does not support EAP
authentication.
Related command: radius scheme, state and local-server enable.
To Next Page
Loading...
