2-12
To do…
Use the command…
Remarks
Set the IP address and
port number of the
secondary RADIUS
accounting server
secondary
accounting
ip-address
[
port-number
]
Optional
By default, the IP address and UDP port
number of the secondary accounting
server are 0.0.0.0 and 1813 for a newly
created RADIUS scheme.
Enable stop-accounting
request buffering
stop-accounting-buffer
enable
Optional
By default, stop-accounting request
buffering is enabled.
Set the maximum
number of transmission
attempts of a buffered
stop-accounting request.
retry stop-accounting
retry-times
Optional
By default, the system tries at most 500
times to transmit a buffered
stop-accounting request.
Set the maximum
allowed number of
continuous real-time
accounting failures
retry realtime-accounting
retry-times
Optional
By default, the maximum allowed
number of continuous real-time
accounting failures is five. If five
continuous failures occur, the switch
cuts down the user connection.
z
In an actual network environment, you can specify one server as both the primary and secondary
accounting servers, as well as specifying two RADIUS servers as the primary and secondary
accounting servers respectively. In addition, because RADIUS adopts different UDP ports to
exchange authentication/authorization messages and accounting messages, you must set a port
number for accounting different from that set for authentication/authorization.
z
With stop-accounting request buffering enabled, the switch first buffers the stop-accounting
request that gets no response from the RADIUS accounting server, and then retransmits the
request to the RADIUS accounting server until it gets a response, or the maximum number of
transmission attempts is reached (in this case, it discards the request).
z
You can set the maximum allowed number of continuous real-time accounting failures. If the
number of continuously failed real-time accounting requests to the RADIUS server reaches the set
maximum number, the switch cuts down the user connection.
z
The IP address and port number of the primary accounting server of the default RADIUS scheme
"system" are 127.0.0.1 and 1646 respectively.
z
Currently, RADIUS does not support the accounting of FTP users.
Configuring Shared Keys for RADIUS Messages
Both RADIUS client and server adopt MD5 algorithm to encrypt RADIUS messages before they are
exchanged between the two parties. The two parties verify the validity of the RADIUS messages
received from each other by using the shared keys that have been set on them, and can accept and
respond to the messages only when both parties have the same shared key.
Follow these steps to configure shared keys for RADIUS messages: