Creating A Radius Scheme - H3C S3100-52P Operation Manual

Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
RADIUS servers (primary and secondary servers with the same configuration but
different IP addresses) in a RADIUS scheme. After creating a new RADIUS scheme,
you should configure the IP address and UDP port number of each RADIUS server you
want to use in this scheme. These RADIUS servers fall into two types:
authentication/authorization, and accounting. And for each type of server, you can
configure two servers in a RADIUS scheme: primary server and secondary server. A
RADIUS scheme has some parameters such as IP addresses of the primary and
secondary servers, shared keys, and types of the RADIUS servers.
In an actual network environment, you can configure the above parameters as required.
But you should configure at least one authentication/authorization server and one
accounting server, and you should keep the RADIUS server port settings on the switch
consistent with those on the RADIUS servers.
Note:
Actually, the RADIUS protocol configuration only defines the parameters for
information exchange between switch and RADIUS server. To make these parameters
take effect, you must reference the RADIUS scheme configured with these parameters
in an ISP domain view (refer to section 1.3 "AAA Configuration").

1.4.1 Creating a RADIUS Scheme

The RADIUS protocol configuration is performed on a RADIUS scheme basis. You
should first create a RADIUS scheme and enter its view before performing other
RADIUS protocol configurations.
Table 1-12 Create a RADIUS scheme
Enter system view
Enable
authentication
accounting ports
Create
scheme and enter its view
Operation
system-view
RADIUS
and radius client enable
a RADIUS radius
radius-scheme-name
Chapter 1 AAA & RADIUS & HWTACACS
Command
scheme
1-22
Configuration
Description
—
Optional
By default, RADIUS
authentication
accounting ports
enabled.
Required
By default, a RADIUS
scheme named "system"
has already been created
in the system.
and
are