Table of Contents
Advertisement
Default level
2: System level
Parameters
ipv4-address: IPv4 address of the secondary accounting server, in dotted decimal notation. The default is
0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary accounting server.
port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and
defaults to 1813.
key string: Specifies the shared key for exchanging accounting packets with the secondary RADIUS
accounting server. A shared key is a case-sensitive string of 1 to 64 characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN that the secondary RADIUS accounting server
belongs to, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the server is on the
public network, do not specify this keyword and argument combination.
Description
Use the secondary accounting command to specify secondary RADIUS accounting servers for a RADIUS
scheme.
Use the undo secondary accounting command to remove the configuration.
By default, no secondary RADIUS accounting server is specified.
To configure multiple secondary RADIUS accounting servers, execute this command repeatedly. After the
configuration, if the primary server fails, the device looks for a secondary server in active state (a
secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate
with it.
A RADIUS scheme supports up to 16 secondary RADIUS accounting servers.
All accounting servers, primary or secondary, must use IP addresses of the same IP version.
The IP addresses of the primary and secondary accounting servers must be different from each other.
Otherwise, the configuration fails.
The RADIUS service port configured on the device and that of the RADIUS server must be consistent.
The shared keys configured on the device for accounting packets and that configured on the RADIUS
server must be consistent.
If the specified server resides on an MPLS VPN, you also need to specify that VPN by using the vpn-
instance vpn-instance-name keyword and argument combination to ensure normal communication with
the server.
The IP addresses of the accounting servers and those of the authentication/authorization servers must be
of the same IP version.
The VPN specified here takes precedence over the VPN specified for the RADIUS scheme.
If you remove a secondary accounting server when the device is already sending a start-accounting
request to the server, the communication with the secondary server will time out, and then the device will
look for a server in active state from scratch: the new primary server is evaluated at first and then the
secondary servers according to the order in which they are configured.
If you remove an accounting server being used by online users, the device cannot send real-time
accounting requests and stop-accounting requests anymore for the users, and does not buffer the stop-
accounting requests.
61
Advertisement
Table of Contents
