Table of Contents
Advertisement
With the test profile specified, the device sends a detection packet to the RADIUS server within each
detection interval. The detection packet is a simulated authentication request that includes the
specified user name in the test profile.
•
If the device receives a response from the server within the interval, it sets the server to the
active state.
•
If the device does not receive any response from the server within the interval, it sets the server
to the blocked state.
The device refreshes the RADIUS server status at each detection interval according to the detection
result.
The device stops detecting the status of the RADIUS server when one of the following operations is
performed:
•
The RADIUS server is removed from the RADIUS scheme.
•
The test profile configuration is removed for the RADIUS server in RADIUS scheme view.
•
The test profile is deleted.
•
The RADIUS server is manually set to the blocked state.
•
The RADIUS scheme is deleted.
To configure a test profile for RADIUS server status detection:
Step
1.
Enter system view.
2.
Configure a test profile for
detecting the status of
RADIUS authentication
servers.
Creating a RADIUS scheme
Create a RADIUS scheme before performing any other RADIUS configurations. You can configure a
maximum of 16 RADIUS schemes. A RADIUS scheme can be used by multiple ISP domains.
To create a RADIUS scheme:
Step
1.
Enter system view.
2.
Create a RADIUS scheme
and enter RADIUS scheme
view.
Specifying the RADIUS authentication servers
A RADIUS authentication server completes authentication and authorization together, because
authorization information is piggybacked in authentication responses sent to RADIUS clients.
You can specify one primary authentication server and a maximum of 16 secondary authentication
servers for a RADIUS scheme. Secondary servers provide AAA services when the primary server
becomes unavailable. The device searches for an active server in the order the secondary servers
are configured.
If redundancy is not required, specify only the primary server. A RADIUS authentication server can
function as the primary authentication server for one scheme and a secondary authentication server
for another scheme at the same time.
Command
system-view
radius-server test-profile
profile-name username name
[ interval interval ]
Command
system-view
radius scheme
radius-scheme-name
24
Remarks
N/A
By default, no test profiles exist.
You can configure multiple test
profiles in the system.
Remarks
N/A
By default, no RADIUS schemes
exist.
Advertisement
Table of Contents
Troubleshooting
