Specifying a vpn for the radius scheme, Setting the supported radius server type – H3C Technologies H3C SecPath F1000-E User Manual

Page 195

185

Step Command

Remarks

Enter system view.

system-view

N/A

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

Specify a shared key for

authenticating RADIUS
authentication/authorization

or accounting packets.

key { accounting | authentication }
[ cipher | simple ] key

No shared key is specified by
default.
In FIPS mode, the firewall supports

only ciphertext shared keys of at

least 8 characters comprising
case-sensitive letters, numbers, and

special characters.

NOTE:

A shared key configured on the firewall must be the same as that configured on the RADIUS server.

Specifying a VPN for the RADIUS scheme

After you specify a VPN for a RADIUS scheme, all the authentication/authorization/accounting servers

specified for the scheme belong to the VPN. However, if you also specify a VPN when specifying a server

for the scheme, the server belongs to the specified VPN.
To specify a VPN for a RADIUS scheme:

Step Command

Enter system view.

system-view

Enter RADIUS scheme view.

radius scheme radius-scheme-name

Specify a VPN for the RADIUS scheme.

vpn-instance vpn-instance-name

Setting the supported RADIUS server type

The supported RADIUS server type determines the type of the RADIUS protocol that the firewall uses to
communicate with the RADIUS server. It can be standard or extended:

•

Standard—Uses the standard RADIUS protocol, compliant to RFC 2865 and RFC 2866 or later.

•

Extended—Uses the proprietary RADIUS protocol of H3C.

When the RADIUS server runs on CAMS or IMC, you must set the RADIUS server type to extended.

When the RADIUS server runs third-party RADIUS server software, either RADIUS server type applies. For

the firewall to function as a RADIUS server to authenticate login users, you must set the RADIUS server

type to standard.
To set the RADIUS server type:

Step Command

Remarks

Enter system view.

system-view

N/A

Enter RADIUS scheme view. radius scheme

radius-scheme-name

N/A

Set the RADIUS server type. server-type { extended |

standard }

Optional.
The default RADIUS server type is standard.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS