Operation Manual - Security
Quidway S6500 Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol
Configuration
Huawei Technologies Proprietary
2-14
2.3.1 Creating/Deleting a RADIUS Scheme
As mentioned above, RADIUS protocol configurations are performed on the per
RADIUS scheme basis. Therefore, before performing other RADIUS protocol
configurations, it is compulsory to create the RADIUS scheme and enter its view to set
its IP address.
You can use the following commands to create/delete a RADIUS scheme.
Perform the following configurations in system view.
Table 2-16 Creating/deleting a RADIUS scheme
Operation Command
Create a RADIUS scheme and
enter its view
radius scheme radius-scheme-name
Delete a RADIUS scheme
undo radius scheme radius-scheme-name
Several ISP domains can use a RADIUS scheme at the same time. You can configure
up to 16 RADIUS server-groups, including the default scheme named as system.
By default, the system has a RADIUS scheme named as system whose attributes are
all default values. The default attribute values will be introduced in the following text.
2.3.2 Configuring RADIUS Authentication/Authorization Servers
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. So you can configure up
to 4 groups of IP addresses and UDP port numbers. However, at least you have to set
one group of IP address and UDP port number for each pair of primary/second servers
to ensure the normal AAA operation.
You can use the following commands to configure the IP address and port number for
RADIUS servers.
Perform the following configurations in RADIUS scheme view.
Table 2-17 Configuring RADIUS Authentication/Authorization servers
Operation Command
Set IP address and port number of primary
RADIUS authentication/authorization server.
primary authentication
ip-address [ port-number ]
Restore IP address and port number of primary
RADIUS authentication/authorization server to the
default values.
undo primary authentication
Set IP address and port number of secondary
RADIUS authentication/authorization server.
secondary authentication
ip-address [ port-number ]
To Next Page
Loading...
Need help?
General
