RADIUS Configuration 525RADIUS Configuration The RADIUS protocol configuration is performed on a RADIUS scheme basis. In anactual network environment, you can either use a single RADIUS server or twoRADIUS servers (primary and secondary servers with the same configuration butdifferent IP addresses) in a RADIUS scheme. After creating a new RADIUS scheme,you should configure the IP address and UDP port number of each RADIUS serveryou want to use in this scheme. These RADIUS servers fall into two types:authentication/authorization, and accounting. And for each kind of server, youcan configure two servers in a RADIUS scheme: primary server and secondaryserver. A RADIUS scheme has the following attributes: IP addresses of the primaryand secondary servers, shared keys, and types of the RADIUS servers.In an actual network environment, you can configure the above parameters asrequired. But you should configure at least one authentication/authorization serverand one accounting server, and at the same time, you should keep the RADIUSservice port settings on the switch consistent with those on the RADIUS servers.n Actually, the RADIUS protocol configuration only defines the parameters used forinformation exchange between the switch and the RADIUS servers. To make theseparameters take effect, you must reference the RADIUS scheme configured withthese parameters in an ISP domain view. For specific configuration commands,refer to “AAA Configuration” on page 518.Creating a RADIUSSchemeThe RADIUS protocol configuration is performed on a RADIUS scheme basis. Youshould first create a RADIUS scheme and enter its view before performing otherRADIUS protocol configurations.c CAUTION: A RADIUS scheme can be referenced by multiple ISP domainssimultaneously.Configuring RADIUSAuthentication/Authorization ServersTable 407 Create a RADIUS schemeOperation Command DescriptionEnter system view system-view -Create a RADIUS schemeand enter its viewradius schemeradius-scheme-nameRequiredBy default, a RADIUS schemenamed “system” has already beencreated in the system.Table 408 Configure RADIUS authentication/authorization serverOperation Command DescriptionEnter system view system-view -Create a RADIUS scheme andenter its viewradius schemeradius-scheme-nameRequiredBy default, a RADIUS schemenamed “system” has already beencreated in the system.Set the IP address and portnumber of the primary RADIUSauthentication/authorizationserverprimaryauthenticationip-address[ port-number ]RequiredBy default, the IP address and UDPport number of the primary serverare 0.0.0.0 and 1812 respectively.
