beautypg.com

Configuring radius schemes, Radius scheme configuration task list, Creating a radius scheme – H3C Technologies H3C SecBlade LB Cards User Manual

Page 66

background image

55

Configuring RADIUS schemes

A RADIUS scheme specifies the RADIUS servers that the device can cooperate with and defines a set of

parameters that the device uses to exchange information with the RADIUS servers. There might be

authentication/authorization servers and accounting servers, or primary servers and secondary servers.
The parameters include the IP addresses of the servers, the shared keys, and the RADIUS server type.

RADIUS scheme configuration task list

Task Remarks

Creating a RADIUS scheme

Required.

Specifying the RADIUS authentication/authorization servers

Required.

Specifying the RADIUS accounting servers and the relevant parameters

Optional.

Specifying the shared keys for secure RADIUS communication

Optional.

Specifying a VPN for the RADIUS scheme

Optional.

Setting the username format and traffic statistics units

Optional.

Setting the supported RADIUS server type

Optional.

Setting the maximum number of RADIUS request transmission attempts

Optional.

Setting the status of RADIUS servers

Optional.

Specifying the source IP address for outgoing RADIUS packets

Optional.

Setting RADIUS timers

Optional.

Configuring RADIUS accounting-on

Optional.

Configuring the IP address of the security policy server

Optional.

Configuring interpretation of the RADIUS class attribute as CAR parameters

Optional.

Enabling the trap function for RADIUS

Optional.

Enabling the RADIUS client service

Optional.

Displaying and maintaining RADIUS

Optional.

Creating a RADIUS scheme

Before you perform other RADIUS configurations, first create a RADIUS scheme and enter RADIUS

scheme view. A RADIUS scheme can be referenced by multiple ISP domains at the same time.
To create a RADIUS scheme and enter RADIUS scheme view:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a RADIUS scheme and enter
RADIUS scheme view.

radius scheme
radius-scheme-name

By default, no RADIUS scheme is
created.

Specifying the RADIUS authentication/authorization servers

In RADIUS, user authorization information is piggybacked in authentication responses sent to RADIUS

clients. It is neither allowed nor needed to specify a separate RADIUS authorization server.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: