secondary accounting (RADIUS scheme view)
Syntax
secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] *
undo secondary accounting [ ipv4-address | ipv6 ipv6-address ]
View
RADIUS scheme view
Default level
2: System level
Parameters
ipv4-address: Specifies the IPv4 address of the secondary accounting server, in dotted decimal notation.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary accounting server.
port-number: Specifies the service port number of the secondary RADIUS accounting server, which is a UDP port number in the range of 1 to 65535 and defaults to 1813.
key [ cipher | simple ] key: Sets the shared key for secure communication with the secondary RADIUS accounting server.
cipher key: Sets a ciphertext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 117 characters.
In FIPS mode, the key is a string of 8 to 117 characters.
simple key: Sets a plaintext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 64 characters.
In FIPS mode, the key is a string of 8 to 64 characters. The string must contain digits, uppercase letters, lowercase letters, and special characters.
If neither cipher nor simple is specified, you set a plaintext shared key string.
Description
Use secondary accounting to specify secondary RADIUS accounting servers for a RADIUS scheme.
Use undo secondary accounting to remove a secondary RADIUS accounting server.
By default, no secondary RADIUS accounting server is specified.
Make sure the port number and shared key settings of the secondary RADIUS accounting server are the same as those configured on the server.
You can configure up to 16 secondary RADIUS accounting servers for a RADIUS scheme by executing this command repeatedly. After the configuration, if the primary server fails, the switch looks for a secondary server in active state (a secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate with it.
The IP addresses of the accounting servers and those of the authentication/authorization servers must be of the same IP version.
The IP addresses of the primary and secondary accounting servers must be different from each other and use the same IP version. Otherwise, the configuration fails.
The shared key configured by this command takes precedence over that configured by using the key accounting [ cipher | simple ] key command.
If you remove a secondary accounting server when the switch has already sent a start-accounting request to the server, the communication with the secondary server times out, and the switch looks for a server in active state from the primary server on.
If you remove an accounting server being used by online users, the switch no longer sends real-time accounting or stop-accounting requests for the users, and does not buffer the stop-accounting requests.
For secrecy, all shared keys, including shared keys configured in plain text, are saved in cipher text to the configuration file.
Related commands: key and state.
Examples
# For RADIUS scheme radius2, specify two secondary accounting servers with the server IP addresses of 10.110.1.1 and 10.110.1.2 and the UDP port number of 1813. Set the shared keys to hello in plain text.
<Sysname> system-view [Sysname] radius scheme radius2 [Sysname-radius-radius2] secondary accounting 10.110.1.1 1813 key hello [Sysname-radius-radius2] secondary accounting 10.110.1.2 1813 key hello