H3C Technologies H3C S6300 Series Switches User Manual
Page 40
25
Step Command
Remarks
3.
Specify RADIUS accounting
servers.
•
Specify the primary RADIUS
accounting server:
primary accounting { host-name |
ipv4-address | ipv6 ipv6-address }
[ port-number | key { cipher |
simple } string ] *
•
Specify a secondary RADIUS
accounting server:
secondary accounting { host-name |
ipv4-address | ipv6 ipv6-address }
[ port-number | key { cipher |
simple } string ] *
Configure at least one
command.
By default, no accounting
server is specified.
Two accounting servers in a
scheme, primary or
secondary, cannot have the
same combination of
hostname, IP address, and
port number.
4.
(Optional.) Set the maximum
number of real-time
accounting attempts.
retry realtime-accounting retry-times
The default setting is 5.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and server use the MD5 algorithm and shared keys to generate the Authenticator
value for packet authentication and user password encryption. The client and server must use the same
key for each type of communication.
A key configured in this task is for all servers of the same type (accounting or authentication) in the
scheme. The key has a lower priority than a key configured individually for a RADIUS server.
To specify a shared key for secure RADIUS communication:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3.
Specify a shared key for
secure RADIUS
communication.
key { accounting | authentication }
{ cipher | simple } string
By default, no shared key is
specified.
The shared key configured on the
device must be the same as the
shared key configured on the
RADIUS server.
Setting the username format and traffic statistics units
A username is in the format userid@isp-name, where isp-name represents the user's ISP domain name. By
default, the ISP domain name is included in a username. However, older RADIUS servers might not
recognize usernames that contain the ISP domain names. In this case, you can configure the device to
remove the domain name of each username to be sent.
For correct identification of users, configure the device to include ISP domain names in usernames for the
RADIUS scheme that is used by two or more ISP domains.
The device reports online user traffic statistics in accounting packets. The traffic measurement units are
configurable, but they must be the same as the traffic measurement units configured on the RADIUS
accounting servers.
To set the username format and the traffic statistics units for a RADIUS scheme: