Configuring radius, Authentication/author, Ization servers – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-23

Caution:

A RADIUS scheme can be referenced by multiple ISP domains simultaneously.

1.4.2 Configuring RADIUS Authentication/Authorization Servers

Table 1-13

Configure RADIUS authentication/authorization servers

Operation

Command

Description

Enter system view

system-view

—

Create a RADIUS scheme

and enter its view

radius scheme

radius-scheme-name

Required
By default, a RADIUS

scheme named "system"

has already been created

in the system.

Set the IP address and port

number of the primary

RADIUS

authentication/authorizatio

n server

primary authentication

ip-address

[ port-number ]

Required
By default, the IP address

and UDP port number of

the primary server are

0.0.0.0 and 1812

respectively.

Set the IP address and port

number of the secondary

RADIUS

authentication/authorizatio

n server

secondary

authentication

ip-address

[ port-number ]

Optional
By default, the IP address

and UDP port number of

the secondary server are

0.0.0.0 and 1812

respectively.

Caution:

z

The authentication response sent from the RADIUS server to the RADIUS client
carries authorization information. Therefore, you need not (and cannot) specify a
separate RADIUS authorization server.

z

In an actual network environment, you can specify one server as both the primary
and secondary authentication/authorization servers, as well as specifying two
RADIUS servers as the primary and secondary authentication/authorization servers
respectively.

z

The IP address and port number of the primary authentication server used by the
default RADIUS scheme "system" are 127.0.0.1 and 1645.