Configuring shared keys for radius messages – H3C Technologies H3C S3100 Series Switches User Manual


- In an actual network environment, you can specify one server as both the primary and secondary accounting servers, or specify two RADIUS servers as the primary and secondary accounting servers respectively. In addition, because RADIUS uses different UDP ports to exchange authentication/authorization messages and accounting messages, you must set a port number for accounting that is different from the one set for authentication/authorization.

- With stop-accounting request buffering enabled, the switch first buffers a stop-accounting request that gets no response from the RADIUS accounting server, and then retransmits the request to the RADIUS accounting server until it gets a response or the maximum number of transmission attempts is reached (in this case, it discards the request).

- You can set the maximum allowed number of continuous real-time accounting failures. If the number of continuously failed real-time accounting requests to the RADIUS server reaches the set maximum number, the switch disconnects the user.

- The IP address and port number of the primary accounting server of the default RADIUS scheme "system" are 127.0.0.1 and 1646 respectively.

- Currently, RADIUS does not support the accounting of FTP users.

Configuring Shared Keys for RADIUS Messages

Both the RADIUS client and the server use the MD5 algorithm to encrypt RADIUS messages before they are exchanged. Each party verifies the validity of the RADIUS messages received from the other by using the shared key set on it, and the two parties can accept and respond to each other's messages only when both have the same shared key.

Table 2-15 Configure shared keys for RADIUS messages

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named "system" has already been created in the system. |
| Set a shared key for RADIUS authentication/authorization messages | key authentication string | Required. By default, no shared key is created. |
| Set a shared key for RADIUS accounting messages | key accounting string | Required. By default, no shared key is created. |
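
The following is an added illustration, not part of the H3C manual. In the RADIUS protocol (RFC 2865 and RFC 2866) the shared key is fed into an MD5 digest carried in each packet's 16-byte Authenticator field, so a peer configured with a different key computes a different digest and rejects the message. The keys, identifiers and attribute values are constructed samples, with separate keys for authentication/authorization and accounting as in Table 2-15.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT, ACCOUNTING_REQUEST = 2, 4   # RADIUS packet codes
# Constructed sample keys (assumptions, not values from the manual).
AUTH_KEY = b"auth-key-example"
ACCT_KEY = b"acct-key-example"

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build(code, ident, seed, attrs, key):
    """Authenticator = MD5(Code + ID + Length + seed + Attributes + key).
    seed is 16 zero octets for an Accounting-Request (RFC 2866) and the
    Request Authenticator for a response such as Access-Accept (RFC 2865)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + seed + attrs + key).digest()
    return header + auth + attrs

def verify(packet, seed, key):
    """Recompute the digest with the locally configured key and compare."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + seed + packet[20:] + key).digest()
    return hmac.compare_digest(expected, packet[4:20])

def demo():
    zero = bytes(16)
    # Acct-Status-Type (40) = Stop (2), signed with the accounting key.
    acct = build(ACCOUNTING_REQUEST, 7, zero, attr(40, struct.pack("!I", 2)), ACCT_KEY)
    # Access-Accept carrying Reply-Message (18), signed with the authentication key.
    req_auth = os.urandom(16)
    accept = build(ACCESS_ACCEPT, 9, req_auth, attr(18, b"welcome"), AUTH_KEY)
    tampered = acct[:-1] + bytes([acct[-1] ^ 1])   # flip one attribute bit
    return {
        "acct_ok": verify(acct, zero, ACCT_KEY),
        "acct_wrong_key": verify(acct, zero, AUTH_KEY),
        "accept_ok": verify(accept, req_auth, AUTH_KEY),
        "accept_wrong_key": verify(accept, req_auth, ACCT_KEY),
        "acct_tampered": verify(tampered, zero, ACCT_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

A key mismatch between switch and server shows up exactly like the wrong-key cases here: the receiver drops the packet, and the sender sees timeouts and retransmissions.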
