secondary servers with the same configuration but different IP addresses) in a RADIUS scheme. After
creating a new RADIUS scheme, you should configure the IP address and UDP port number of each
RADIUS server you want to use in this scheme. These RADIUS servers fall into two types:
authentication/authorization, and accounting. And for each type of server, you can configure two
servers in a RADIUS scheme: primary server and secondary server. A RADIUS scheme has some
parameters such as IP addresses of the primary and secondary servers, shared keys, and types of the
In an actual network environment, you can configure the above parameters as required. But you should
configure at least one authentication/authorization server and one accounting server, and you should
keep the RADIUS server port settings on the device consistent with those on the RADIUS servers.
Actually, the RADIUS service configuration only defines the parameters for information exchange
between device and RADIUS server. To make these parameters take effect, you must reference the
RADIUS scheme configured with these parameters in an ISP domain view (refer to
Creating a RADIUS Scheme
The RADIUS protocol configuration is performed on a RADIUS scheme basis. You should first create a
RADIUS scheme and enter its view before performing other RADIUS protocol configurations.
Follow these steps to create a RADIUS scheme:
Enter system view
Enable RADIUS authentication
Create a RADIUS scheme and
enter its view
A RADIUS scheme can be referenced by multiple ISP domains simultaneously.
Configuring RADIUS Authentication/Authorization Servers
Follow these steps to configure RADIUS authentication/authorization servers:
Use the command...
radius client enable
By default, RADIUS
authentication port is enabled.
By default, a RADIUS scheme
named "system" has already
been created in the system.