96
key
: Specifies the shared key for secure communication with the session-control client.
cipher
: Specifies the key in encrypted form.
simple
: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string
: Specifies the key. This argument is case sensitive.
•
In non-FIPS mode, the encrypted form of the key is a string of 1 to 117 characters. The plaintext
form of the key is a string of 1 to 64 characters.
•
In FIPS mode, the encrypted form of the key is a string of 15 to 117 characters. The plaintext
form of the key is a string of 15 to 64 characters. The plaintext string must contain digits,
uppercase letters, lowercase letters, and special characters.
vpn-instance
vpn-instance-name
: Specifies an MPLS L3VPN instance to which the RADIUS
session-control client belongs. The
vpn-instance-name
argument is a case-sensitive string of 1 to 31
characters. If the client is on the public network, do not specify this option.
all
: Specifies all session-control clients.
Usage guidelines
To verify the session-control packets sent from a RADIUS server running on IMC, specify the
RADIUS server as a session-control client to the device. The device matches a session-control
packet to a session-control client based on the IP address and VPN instance, and then uses the
shared key of the matched client to validate the packet.
The device searches the session-control client settings prior to searching all RADIUS scheme
settings for finding a server with matching settings. This process narrows the search scope for
finding the matched RADIUS server.
The session-control client settings take effect only when the RADIUS session-control feature is
enabled.
The session-control client settings must be the same as the corresponding settings of the RADIUS
server.
You can specify multiple session-control clients on the device.
Examples
# Specify a session-control client with IP address 10.110.1.2 and shared key
12345
in plaintext form.
<Sysname> system-view
[Sysname] radius session-control client ip 10.110.1.2 key simple 12345
Related commands
radius session-control enable
radius session-control enable
Use
radius session-control enable
to enable the RADIUS session-control feature.
Use
undo radius session-control enable
to disable the RADIUS session-control feature.
Syntax
radius session-control enable
undo radius session-control enable
Default
The RADIUS session-control feature is disabled.
Views
System view