Configuring Shared Keys for RADIUS Messages
Both RADIUS client and server adopt MD5 algorithm to encrypt RADIUS messages before they are
exchanged between the two parties. The two parties verify the validity of the RADIUS messages
received from each other by using the shared keys that have been set on them, and can accept and
respond to the messages only when both parties have the same shared key.
Follow these steps to configure shared keys for RADIUS messages:
To do...
Enter system view
Create a RADIUS scheme and
enter its view
Set a shared key for RADIUS
authentication/authorization
messages
Set a shared key for RADIUS
accounting messages
The authentication/authorization shared key and the accounting shared key you set on the switch must
be respectively consistent with the shared key on the authentication/authorization server and the
shared key on the accounting server.
Configuring the Maximum Number of RADIUS Request Transmission Attempts
The communication in RADIUS is unreliable because this protocol uses UDP packets to carry its data.
Therefore, it is necessary for the switch to retransmit a RADIUS request if it gets no response from the
RADIUS server after the response timeout timer expires. If the switch gets no answer after it has tried
the maximum number of times to transmit the request, the switch considers that the request fails.
Follow these steps to configure the maximum transmission attempts of a RADIUS request:
To do...
Enter system view
Create a RADIUS scheme and
enter its view
Set the maximum number of
RADIUS request transmission
attempts
Use the command...
system-view
radius scheme
radius-scheme-name
key authentication string
key accounting string
Use the command...
system-view
radius scheme
radius-scheme-name
retry retry-times
2-14
Remarks
—
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
Required
By default, no shared key is
created.
Required
By default, no shared key is
created.
Remarks
—
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
Optional
By default, the system can try
three times to transmit a
RADIUS request.