Table of Contents
Advertisement
becomes unavailable. The device searches for an active server in the order the secondary servers
are configured.
If redundancy is not required, specify only the primary server. A RADIUS authentication server can
act as the primary authentication server for one scheme and a secondary authentication server for
another scheme at the same time.
When RADIUS server load sharing is enabled, the device distributes the workload over all servers
without considering the primary and secondary server roles. The device checks the weight value and
number of currently served users for each active server, and then determines the most appropriate
server in performance to receive an authentication request.
To specify a RADIUS server by hostname in an MPLS VPN network, first complete one of the
following tasks on the device:
•
Configure hostname-to-IP address mappings for the VPN instance by using the ip host or ipv6
host command.
•
Configure a DNS server for the VPN instance by using the dns server or ipv6 dns server
command.
For more information about these commands, see Layer 3—IP Services Command Reference.
To specify RADIUS authentication servers for a RADIUS scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme
view.
3.
Specify RADIUS
authentication servers.
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and a maximum of 16 secondary accounting servers
for a RADIUS scheme. Secondary servers provide AAA services when the primary server becomes
unavailable. The device searches for an active server in the order the secondary servers are
configured.
If redundancy is not required, specify only the primary server. A RADIUS accounting server can act
as the primary accounting server for one scheme and a secondary accounting server for another
scheme at the same time.
When RADIUS server load sharing is enabled, the device distributes the workload over all servers
without considering the primary and secondary server roles. The device checks the weight value and
Command
system-view
radius scheme radius-scheme-name
•
Specify the primary RADIUS
authentication server:
primary authentication
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
key { cipher | simple } string |
test-profile profile-name |
vpn-instance
vpn-instance-name | weight
weight-value ] *
•
Specify a secondary RADIUS
authentication server:
secondary authentication
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
key { cipher | simple } string |
test-profile profile-name |
vpn-instance
vpn-instance-name | weight
weight-value ] *
24
Remarks
N/A
N/A
By default, no authentication
server is specified.
To support server status detection,
specify an existing test profile for
the RADIUS authentication server.
If the test profile does not exist, the
device cannot detect the server
status.
Two authentication servers in a
scheme, primary or secondary,
cannot have the same
combination of hostname, IP
address, port number, and VPN
instance.
The weight keyword takes effect
only when the RADIUS server load
sharing feature is enabled for the
RADIUS scheme.
Advertisement
Table of Contents
Troubleshooting
