2-11Configuring RADIUS Authentication/Authorization ServersFollow these steps to configure RADIUS authentication/authorization servers:To do… Use the command… RemarksEnter system view system-view —Create a RADIUS scheme andenter its viewradius schemeradius-scheme-nameRequiredBy default, a RADIUS schemenamed "system" has alreadybeen created in the system.Set the IP address and portnumber of the primary RADIUSauthentication/authorizationserverprimary authenticationip-address [ port-number ]RequiredBy default, the IP address andUDP port number of theprimary server are 0.0.0.0 and1812 respectively for a newlycreated RADIUS scheme.Set the IP address and portnumber of the secondaryRADIUSauthentication/authorizationserversecondary authenticationip-address [ port-number ]OptionalBy default, the IP address andUDP port number of thesecondary server are 0.0.0.0and 1812 respectively for anewly created RADIUSscheme.z The authentication response sent from the RADIUS server to the RADIUS client carriesauthorization information. Therefore, you need not (and cannot) specify a separate RADIUSauthorization server.z In an actual network environment, you can specify one server as both the primary and secondaryauthentication/authorization servers, as well as specifying two RADIUS servers as the primary andsecondary authentication/authorization servers respectively.z The IP address and port number of the primary authentication server used by the default RADIUSscheme "system" are 127.0.0.1 and 1645.Configuring Ignorance of Assigned RADIUS Authorization AttributesA RADIUS server can be configured to assign multiple authorization attributes, such as authorizationVLAN and idle timeout. Some users may need the attributes but some users may not. Such conflictoccurs if the RADIUS server does not support user-based attribute assignment or it performs uniformeduser management.The RADIUS authorization attribute ignoring function can solve this issue. It is configured as perRADIUS scheme. Users using a RADIUS scheme with this function enabled can ignore certainunexpected attributes.
