Setting Radius Packet Encryption Key - Huawei Quidway S3000-EI Series Operation Manual

Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol
Huawei Technologies Proprietary

Operation: Set IP address and port number of second RADIUS accounting server.
Command: secondary accounting ip-address [ port-number ]

Operation: Restore IP address and port number of second RADIUS accounting server or server to the default values.
Command: undo secondary accounting

In real networking environments, the above parameters shall be set according to the specific requirements. For example, you may specify 4 groups of different data to map 4 RADIUS servers, or specify one of the two servers as primary authentication/authorization server and second accounting server and the other one as second authentication/authorization server and primary accounting server, or you may also set 4 groups of exactly the same data so that every server serves as a primary and second AAA server.

To guarantee normal interaction between the NAS and the RADIUS server, make sure that the routes between the RADIUS server and the NAS work before setting the IP address and UDP port of the RADIUS server. In addition, because the RADIUS protocol uses different UDP ports to receive/transmit authentication/authorization and accounting packets, you shall set two different ports accordingly. As suggested by RFC 2138/2139, the authentication/authorization port number is 1812 and the accounting port number is 1813. However, you may use values other than the suggested ones. (Especially for some earlier RADIUS servers, the authentication/authorization port number is often set to 1645 and the accounting port number is 1646.)

The RADIUS service port settings on Quidway Series Switches are supposed to be consistent with the port settings on the RADIUS server. Normally, the RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.

By default, all the IP addresses of primary/second authentication/authorization and accounting servers are 0.0.0.0, the authentication/authorization service port is 1812 and the accounting service UDP port is 1813.

2.3.3 Setting RADIUS Packet Encryption Key

RADIUS client (switch system) and RADIUS server use the MD5 algorithm to encrypt the exchanged packets. The two ends verify the packets by means of the configured encryption key. Only when the keys are identical can both ends accept the packets from each other and respond.

You can use the following commands to set the encryption key for RADIUS packets.

Perform the following configurations in RADIUS scheme view.
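Why the keys on the switch and the server must be identical, as an added example that is not from the manual or from Huawei's software: following the RADIUS specification cited above (RFC 2138), the key is mixed into an MD5 digest that authenticates each reply and hides the User-Password attribute. Function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_reply(code, ident, request_auth, attrs, key):
    """Server side: Response Authenticator =
    MD5(Code | ID | Length | Request Authenticator | Attributes | key)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + key).digest()
    return header + digest + attrs

def verify_reply(packet, request_auth, key):
    """Client (switch) side: recompute the digest with the locally set key."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + key).digest()
    return hmac.compare_digest(packet[4:20], expected)

def _xor_blocks(data, request_auth, key, hiding):
    """User-Password transform: XOR each 16-byte block with
    MD5(key | previous hidden block), seeded by the Request Authenticator."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(key + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def hide_password(password, request_auth, key):
    size = -(-max(len(password), 1) // 16) * 16  # pad to a multiple of 16 bytes
    return _xor_blocks(password.ljust(size, b"\x00"), request_auth, key, True)

def unhide_password(hidden, request_auth, key):
    return _xor_blocks(hidden, request_auth, key, False).rstrip(b"\x00")

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    ra = bytes(range(16))
    reply = build_reply(2, 7, ra, bytes([18, 4]) + b"ok", b"key-on-server")
    print("same key:", verify_reply(reply, ra, b"key-on-server"))
    print("different key:", verify_reply(reply, ra, b"key-on-switch"))
```

Only the User-Password attribute is hidden this way; the other attributes travel in clear text and are protected solely by the digest check.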
