HP FlexNetwork MSR Series Command Reference Manual page 114
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
key: Specifies the shared key for secure communication with the primary RADIUS authentication
server.
cipher: Specifies the key in encrypted form.
simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string: Specifies the key. This argument is case sensitive.
•
In non-FIPS mode, the encrypted form of the key is a string of 1 to 117 characters. The plaintext
form of the key is a string of 1 to 64 characters.
•
In FIPS mode, the encrypted form of the key is a string of 15 to 117 characters. The plaintext
form of the key is a string of 15 to 64 characters. The plaintext string must contain digits,
uppercase letters, lowercase letters, and special characters.
test-profile profile-name: Specifies a test profile for detecting the RADIUS server status. The
profile-name argument specifies the test profile name, which is a case-sensitive string of 1 to 31
characters.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the primary
RADIUS authentication server belongs. The vpn-instance-name argument is a case-sensitive string
of 1 to 31 characters. If the server is on the public network, do not specify this option.
Usage guidelines
Make sure that the service port and shared key settings of the primary RADIUS authentication server
are the same as those configured on the server.
Two authentication servers specified for a scheme, primary or secondary, cannot have identical IP
address, port number, and VPN instance settings.
The shared key configured by this command takes precedence over the shared key configured with
the key authentication command.
When you specify a test profile for the primary authentication server, make sure the test profile
already exists on the device. Otherwise, the device cannot detect the server status.
If the specified server resides on an MPLS L3VPN, specify the VPN instance by using the
vpn-instance vpn-instance-name option. The VPN instance specified by this command takes
precedence over the VPN instance specified for the RADIUS scheme.
If you use the primary authentication command to modify or delete the primary authentication
server during an authentication process, communication with the primary server times out. The
device tries to communicate with an active server that has the highest priority for authentication.
Examples
# In RADIUS scheme radius1, specify the primary authentication server with IP address 10.110.1.1,
UDP port number 1812, and plaintext shared key 123456TESTauth&!.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.110.1.1 1812 key simple
123456TESTauth&!
Related commands
display radius scheme
key (RADIUS scheme view)
radius-server test-profile
secondary authentication (RADIUS scheme view)
vpn-instance (RADIUS scheme view)
96
Advertisement
