Configuration Guide Configuring RADIUS
Shared Key
A RADIUS client and a RADIUS server mutually confirm their identities by using a shared key during communication. The
shared key cannot be transmitted over a network. In addition, user passwords are encrypted for transmission for the sake of
security.
RADIUS Server Group
The RADIUS security protocol, also called RADIUS method, is configured in the form of a RADIUS server group. Each
RADIUS method corresponds to one RADIUS server group and one or more RADIUS severs can be added to one RADIUS
server group. For details about the RADIUS method, see the Configuring AAA. If you add multiple RADIUS servers to one
RADIUS server group, when the communication between a device and the first RADIUS server in this group fails or the first
RADIUS server becomes unreachable, the device automatically attempts to communicate with the next RADIUS server till
the communication is successful or the communication with all the RADIUS servers fails.
RADIUS Attribute Type
Standard attributes
The RFC standards specify the RADIUS attribute numbers and attribute content but do not specify the format of some
attribute types. Therefore, the format of attribute contents needs to be configured to adapt to different RADIUS server
requirements. Currently, the format of the RADIUS Calling-Station-ID attribute (attribute No.: 31) can be configured.
The RADIUS Calling-Station-ID attribute is used to identify user identities when a network device transmits request packets
to the RADIUS server. The RADIUS Calling-Station-ID attribute is a string, which can adopt multiple formats. It needs to
uniquely identify a user. Therefore, it is often set to the MAC address of a user. For example, when IEEE 802.1X
authentication is used, the Calling-Station-ID attribute is set to the MAC address of the device where the IEEE 802.1X client
is installed. The following table describes the format of MAC addresses.