You can specify one primary authentication server and a maximum of 16 secondary authentication
servers for a RADIUS scheme. When the primary server is not available, the device searches for the
secondary servers in the order they are configured. The first secondary server in active state is used for
communication.
If redundancy is not required, specify only the primary server. A RADIUS authentication server can
function as the primary authentication server for one scheme and a secondary authentication server for
another scheme at the same time.
To specify RADIUS authentication servers for a RADIUS scheme:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter RADIUS scheme view.
    Command: radius scheme radius-scheme-name
    Remarks: N/A

Step 3. Specify RADIUS authentication servers.
    Command:
    • Specify the primary RADIUS authentication server:
      primary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string ] *
    • Specify a secondary RADIUS authentication server:
      secondary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string ] *
    Remarks: By default, no authentication server is specified. Two authentication servers in a scheme, primary or secondary, cannot have the same combination of hostname, IP address, and port number.
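The following added example (not part of the original guide and not vendor code) checks a candidate command list against the constraints above before it is applied: at most 16 secondary servers per scheme, no repeated host and port within a scheme, and the same server allowed in different schemes. It assumes port 1812 when no port is given and that `simple` means the shared key is written in plaintext form; scheme names, addresses and key strings are constructed.

```python
import re

DEFAULT_PORT = 1812   # assumption: RFC 2865 authentication port when none is given
MAX_SECONDARY = 16    # limit stated on this page
CMD = re.compile(r"^\s*(primary|secondary)\s+authentication\s+(.+)$")

# Constructed sample command list, not taken from a real device.
SAMPLE = """\
radius scheme campus
 primary authentication 192.0.2.10 1812 key cipher EXAMPLE-CIPHERTEXT
 secondary authentication ipv6 2001:db8::5 1645 key simple EXAMPLE-SECRET
 secondary authentication 192.0.2.10
radius scheme guest
 primary authentication ipv6 2001:db8::5 1645
"""

def parse_server(args):
    """Return (host, port, key_mode) from the arguments of one server command."""
    tok = args.split()
    if tok[0] == "ipv6" and len(tok) > 1:
        tok = tok[1:]                          # drop the ipv6 keyword
    port, key_mode, i = DEFAULT_PORT, None, 1
    while i < len(tok):
        if tok[i] == "key" and i + 2 < len(tok):
            key_mode, i = tok[i + 1], i + 3    # skip the key string itself
            continue
        if tok[i].isdigit():
            port = int(tok[i])
        i += 1
    return tok[0].lower(), port, key_mode

def audit(config):
    """Return (line_number, scheme, message) findings for a command list."""
    findings, scheme, seen, secondaries = [], None, set(), 0
    for n, line in enumerate(config.splitlines(), 1):
        if line.strip().startswith("radius scheme "):
            scheme, seen, secondaries = line.split()[-1], set(), 0  # new scheme
            continue
        if not (m := CMD.match(line)):
            continue
        host, port, key_mode = parse_server(m.group(2))
        if (host, port) in seen:               # uniqueness is per scheme
            findings.append((n, scheme, f"duplicate server {host} port {port}"))
        seen.add((host, port))
        if key_mode == "simple":               # assumption: simple = plaintext key
            findings.append((n, scheme, "shared key in plaintext form"))
        secondaries += m.group(1) == "secondary"
        if m.group(1) == "secondary" and secondaries == MAX_SECONDARY + 1:
            findings.append((n, scheme, "more than 16 secondary servers"))
    return findings
```

Running `audit(SAMPLE)` reports the plaintext key on line 3 and the repeated server on line 4, and accepts the IPv6 server that is secondary in one scheme and primary in the other.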
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and a maximum of 16 secondary accounting servers for
a RADIUS scheme. When the primary server is not available, the device searches for the secondary
servers in the order they are configured. The first secondary server in active state is used for
communication.
If redundancy is not required, specify only the primary server. A RADIUS accounting server can function
as the primary accounting server for one scheme and a secondary accounting server for another scheme
at the same time.
The device sends a stop-accounting request to the accounting server in the following situations:
• The device receives a connection teardown request from a host.
• The device receives a connection teardown command from an administrator.
When the maximum number of real-time accounting attempts is reached, the device disconnects users
who have no accounting responses.
RADIUS does not support accounting for FTP, SFTP, and SCP users.
To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter RADIUS scheme view.
    Command: radius scheme radius-scheme-name
    Remarks: N/A