beautypg.com

H3C Technologies H3C S12500-X Series Switches User Manual

Page 36

background image

24

357B

Specifying the RADIUS authentication servers

A RADIUS authentication server completes authentication and authorization together, because

authorization information is piggybacked in authentication responses sent to RADIUS clients.
You can specify one primary authentication server and up to 16 secondary authentication servers for a

RADIUS scheme. When the primary server is not available, the device tries to communicate with the

secondary servers in the order they are configured, and communicates with the first secondary server in

active state. If redundancy is not required, specify only the primary server. A RADIUS authentication
server can function as the primary authentication server for one scheme and a secondary authentication

server for another scheme at the same time.
To specify RADIUS authentication servers for a RADIUS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme
view.

radius scheme radius-scheme-name N/A

3.

Specify RADIUS
authentication servers.

Specify the primary RADIUS

authentication server:
primary authentication

{ ipv4-address | ipv6 ipv6-address }

[ port-number | key { cipher |

simple } string | vpn-instance
vpn-instance-name ] *

Specify a secondary RADIUS

authentication server:
secondary authentication

{ ipv4-address | ipv6 ipv6-address }

[ port-number | key { cipher |
simple } string | vpn-instance

vpn-instance-name ] *

Configure at least one command.
By default, no authentication server
is specified.
Two authentication servers in a
scheme, primary or secondary,

cannot have the same combination
of IP address, port number, and

VPN.

358B

Specifying the RADIUS accounting servers and the relevant parameters

You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS

scheme. When the primary server is not available, the device tries to communicate with the secondary
servers in the order they are configured, and communicates with the first secondary server in active state.

If redundancy is not required, specify only the primary server. A RADIUS accounting server can function

as the primary accounting server for one scheme and a secondary accounting server for another scheme

at the same time.
When the device receives a connection teardown request from a host or a connection teardown

command from an administrator, it sends a stop-accounting request to the accounting server. When the

maximum number of real-time accounting attempts is reached, the device disconnects users who have no

accounting responses.
RADIUS does not support accounting for FTP users.
To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme radius-scheme-name N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: