Setting The Shared Key For Radius Packets; Setting The Upper Limit Of Radius Request Retransmission Attempts - H3C S5120-SI Series Operation Manual
Hide thumbs
Also See for S5120-SI Series:
- Command reference manual (910 pages) ,
- Configuration manual (745 pages) ,
- Installation manual (70 pages)
Table of Contents
Advertisement
It is recommended to specify only the primary RADIUS accounting server if backup is not required.
If both the primary and secondary accounting servers are specified, the secondary one is used
when the primary one is not reachable.
In practice, you can specify two RADIUS servers as the primary and secondary accounting servers
respectively, or specify one server to function as the primary accounting server in a scheme and
the secondary accounting server in another scheme. Besides, because RADIUS uses different
UDP ports to receive authentication/authorization and accounting packets, the port for
authentication/authorization must be different from that for accounting.
You can set the maximum number of stop-accounting request transmission buffer, allowing the
device to buffer and resend a stop-accounting request until it receives a response or the number of
transmission retries reaches the configured limit. In the latter case, the device discards the packet.
You can set the maximum number of accounting request transmission attempts on the device,
allowing the device to disconnect a user when the number of accounting request transmission
attempts for the user reaches the limit but it still receives no response to the accounting request.
The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise,
the configuration fails.
Currently, RADIUS does not support keeping accounts on FTP users.
Setting the Shared Key for RADIUS Packets
The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between
them and a shared key to verify the packets. Only when the same key is used can they properly receive
the packets and make responses.
Follow these steps to set the shared key for RADIUS packets:
To do...
Enter system view
Enter RADIUS scheme view
Set the shared key for RADIUS
authentication/authorization or
accounting packets
The shared key configured on the device must be the same as that configured on the RADIUS server.
Setting the Upper Limit of RADIUS Request Retransmission Attempts
Because RADIUS uses UDP packets to carry data, the communication process is not reliable. If a NAS
receives no response from the RADIUS server before the response timeout timer expires, it is required
Use the command...
system-view
radius scheme
radius-scheme-name
key { accounting |
authentication } string
1-21
Remarks
—
—
Required
No key by default
Advertisement
Chapters
Table of Contents
Troubleshooting
