The radius-server shared-key command configures the shared key of a RADIUS server.
The undo radius-server shared-key command deletes the shared key of a RADIUS server.
By default, no global shared key is configured for the RADIUS server.
radius-server ip-address { ipv4-address | ipv6-address } shared-key cipher key-string
undo radius-server ip-address { ipv4-address | ipv6-address } shared-key
Parameter |
Description |
Value |
|---|---|---|
| ip-address { ipv4-address | ipv6-address } | Specifies the IPv4 or IPv6 address of the RADIUS server. |
|
| cipher key-string | Specifies the shared key in cipher text. |
The value is a case-sensitive character string without spaces, single quotation marks ('), or question marks (?). key-string can be a string of 1-128 characters in plain text or a string of 48, 68, 88, 108, 128, 148, 168, or 188 characters in cipher text. |
Usage Scenario
The shared key is used to encrypt the password and generate the response authenticator.
When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.
You can run the radius-server shared-key command in the RADIUS server template view to configure the shared keys. However, after this command is run, all RADIUS servers in the template use the same shared key. To configure different shared keys for RADIUS servers, run the radius-server shared-key command in the system view.
Precautions
To improve security, it is recommended that the shared key contains at least two types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 6 characters.
When the shared keys are configured in both the RADIUS server template and system view, the configuration in the system view takes effect.