[x]

Configuring RADIUS > Specifying RADIUS authentication servers

 

 Next

Specifying RADIUS authentication servers

About RADIUS authentication servers

A RADIUS authentication server completes authentication and authorization together, because authorization information is piggybacked in authentication responses sent to RADIUS clients.

You can specify one primary authentication server and a maximum of 16 secondary authentication servers for a RADIUS scheme. Secondary servers provide AAA services when the primary server becomes unreachable. The device searches for an active server in the order the secondary servers are configured.

When RADIUS server load sharing is enabled, the device distributes the workload over all servers without considering the primary and secondary server roles. The device checks the weight value and number of currently served users for each active server, and then determines the most appropriate server in performance to receive an authentication request.

Restrictions and guidelines

If redundancy is not required, specify only the primary server.

A RADIUS authentication server can function as the primary authentication server for one scheme and a secondary authentication server for another scheme at the same time.

Two authentication servers in a scheme, primary or secondary, cannot have the same combination of VPN instance, host name, IP address, and port number.

Procedure

  1. Enter system view.

    system-view

  2. Enter RADIUS scheme view.

    radius scheme radius-scheme-name

  3. Specify the primary RADIUS authentication server.

    primary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *

    By default, no primary RADIUS authentication server is specified.

    The weight keyword takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme.

  4. (Optional.) Specify a secondary RADIUS authentication server.

    secondary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *

    By default, no secondary RADIUS authentication servers are specified.

    The weight keyword takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme.

prev

 

up

 next

Creating a RADIUS scheme 

home

 Specifying the RADIUS accounting servers

© Copyright 2017 Hewlett Packard Enterprise Development LP