H3C Technologies H3C S12500-X Series Switches User Manual
Page 37
25
Step Command
Remarks
3.
Specify RADIUS accounting
servers.
•
Specify the primary RADIUS
accounting server:
primary accounting { ipv4-address |
ipv6 ipv6-address } [ port-number |
key { cipher | simple } string |
vpn-instance vpn-instance-name ] *
•
Specify a secondary RADIUS
accounting server:
secondary accounting
{ ipv4-address | ipv6 ipv6-address }
[ port-number | key { cipher |
simple } string | vpn-instance
vpn-instance-name ] *
Configure at least one
command.
By default, no accounting
server is specified.
Two accounting servers in a
scheme, primary or
secondary, cannot have the
same combination of IP
address, port number, and
VPN.
4.
(Optional.) Set the maximum
number of real-time
accounting attempts.
retry realtime-accounting retry-times
The default setting is 5.
359B
Specifying the shared keys for secure RADIUS communication
The RADIUS client and server use the MD5 algorithm and shared keys to generate the Authenticator
value for packet authentication and user password encryption. They must use the same key for each type
of communication.
A key configured in this task is for all servers of the same type (accounting or authentication) in the
scheme, and has a lower priority than a key configured individually for a RADIUS server.
To specify a shared key for secure RADIUS communication:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3.
Specify a shared key for
secure RADIUS
communication.
key { accounting | authentication }
{ cipher | simple } string
By default, no shared key is
specified.
The shared key configured on the
device must be the same as that
configured on the RADIUS server.
360B
Specifying a VPN for the scheme
The VPN specified for a RADIUS scheme applies to all authentication and accounting servers in that
scheme. If a VPN is also configured for an individual RADIUS server, the VPN specified for the RADIUS
scheme does not take effect on that server.
To specify a VPN for a scheme:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme view.
radius scheme radius-scheme-name
N/A