The radius-server shared-key command configures the shared key of a RADIUS server.
The undo radius-server shared-key command deletes the shared key of a RADIUS server.
By default, no shared key of RADIUS server is configured.
Parameter |
Description |
Value |
|---|---|---|
cipher |
Indicates the shared key in cipher text. |
- |
key-string |
Specifies the shared key of a RADIUS server. |
The value is a case-sensitive character string without spaces, single quotation marks ('), or question marks (?). key-string can be a string of 1-128 characters in plain text or a string of 48, 68, 88, 108, 128, 148, 168, or 188 characters in cipher text. |
Usage Scenario
The shared key is used to encrypt the password and generate the response authenticator.
When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.
Precautions
In the versions earlier than V200R010C00SPC300, the default RADIUS shared key is huawei. The key is not displayed in command output.
In V200R010C00SPC300 and later versions, there is no default RADIUS shared key.
If the default shared key is used in a version earlier than V200R010C00SPC300, the radius-server shared-key huawei command is automatically executed to set the shared key to huawei after the version is upgraded to V200R010C00SPC300 or later.
For security purposes, change the default shared key immediately. It is recommended that the new shared key contains at least two types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 6 characters.