H3C S9500 Series Operation Manual page 1163

Operation Manual – AAA RADIUS HWTACACS
H3C S9500 Series Routing Switches
Set RADIUS accounting packet encryption key
Restore the default RADIUS accounting packet
encryption key
By default, the encryption keys of RADIUS authentication/authorization and accounting
packets are all null.
1.3.4 Configuring VPN of RADIUS Server
The default address of the RADIUS Server is the address of the public network. If the
RADIUS Server is built under a private network, you must specify the VPN to which the
RADIUS Server belongs when configuring the RADIUS Server.
Use the following commands to configure the VPN of the RADIUS Server.
Perform the following operations in RADIUS scheme view to configure the VPN of
RADIUS server:
Set the VPN that the RADIUS Server belongs to
Restore the VPN attribute of RADIUS Server to the
default value
The RADIUS Server does not belong to any VPN by default.
1.3.5 Setting the Port State of the Local RADIUS Server
The local RADIUS server uses the switch itself as the RADIUS server, with port 1645 as
authentication port and port 1646 as accounting port. The two ports are enabled in the
initial state, without any corresponding command lines to enable/disable them.
Considering the policy of maximum security, certain measures are taken to control the
ports to eliminate potential security troubles.
Perform the following operations in system view to enable/disable the port of the local
RADIUS server:
Enable the port of the local RADIUS server
Disable the port of the local RADIUS server
By default, the local RADIUS server is enabled, and port 1645 and port 1646 are
enabled.
To do...
To do...
To do...
1-18
Chapter 1 AAA, RADIUS and HWTACACS
Protocol Configuration
Use the command...
key accounting string
undo key accounting
Use the command...
vpn-instance vpn-name
undo vpn-instance
Use the command...
local-server enable
undo local-server