Configuring Shared Keys for RADIUS Messages – H3C Technologies H3C S3100 Series Switches User Manual

Page 324: Keys for radius, Messages

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS Configuration

1-25

Caution:

• In an actual network environment, you can specify one server as both the primary
and secondary accounting server, or specify two RADIUS servers as the primary and
secondary accounting servers respectively. In addition, because RADIUS uses
different UDP ports for authentication/authorization messages and accounting
messages, you must set a port number for accounting that is different from the one
set for authentication/authorization.

• With stop-accounting request buffering enabled, the switch first buffers a
stop-accounting request that gets no response from the RADIUS accounting server,
and then retransmits the request to the RADIUS accounting server until it gets a
response or the maximum number of transmission attempts is reached (in which case
it discards the request).

• You can set the maximum allowed number of consecutive real-time accounting
failures. If the number of consecutive failed real-time accounting requests to the
RADIUS server reaches this maximum, the switch tears down the user connection.

• The IP address and port number of the primary accounting server of the default
RADIUS scheme "system" are 127.0.0.1 and 1646 respectively.

• Currently, RADIUS does not support the accounting of FTP users.

1.4.4 Configuring Shared Keys for RADIUS Messages

Both the RADIUS client and the RADIUS server use the MD5 algorithm to encrypt
RADIUS messages before exchanging them. Each party uses the shared key configured
on it to verify the validity of the RADIUS messages received from the other, and
the two parties accept and respond to each other's messages only when they have
the same shared key.

Table 1-15 Configure shared keys for RADIUS messages

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named "system" has already been created in the system. |
| Set a shared key for RADIUS authentication/authorization messages | key authentication string | Required |