radius-client

Function

The radius-client command configures the IP address, VPN instance, shared key, and RADIUS server group for a RADIUS client.

The undo radius-client command deletes a RADIUS client.

By default, no RADIUS client is configured.

This command is supported only on the NetEngine 8000 F1A.

Format

radius-client ip-address [ mask { mask-ip | mask-length } ] [ vpn-instance instance-name ] { { shared-key key | shared-key-cipher key-cipher } | server-group groupname } *

radius-client ip-address [ mask { mask-ip | mask-length } ] [ vpn-instance instance-name ] { roam-domain domain-name | domain-authorization | trigger-web { authentication | accounting | none } } *

undo radius-client ip-address [ mask { mask-ip | mask-length } ] [ vpn-instance instance-name ] [ roam-domain | domain-authorization | trigger-web { authentication | accounting | none } ] *

Parameters

Parameter Description Value
ip-address

Specifies the IP address of a RADIUS client.

The value is in dotted decimal notation.

mask

Specifies the mask of a RADIUS client.

-

mask-ip

Specifies the IP address mask of a RADIUS client.

The value is in dotted decimal notation.

mask-length

Specifies the IP address mask length of a RADIUS client.

The value is an integer ranging from 0 to 32.

vpn-instance instance-name

Specifies the name of a VPN instance to which a RADIUS client belongs. The specified VPN instance must have been configured.

The value is a string of 1 to 31 characters.

shared-key key

Specifies a shared key for the packet exchange between a RADIUS client and RADIUS server.

The value is a string of 1 to 128 characters, and the default value is huawei.

shared-key-cipher key-cipher

Specifies a shared cipher key for the packet exchange between a RADIUS client and RADIUS server.

The value is a character string. If the input string is not encrypted, the string can contain 1 to 128 characters. If the input string is encrypted, the string can contain 1 to 268 characters.

server-group groupname

Specifies the name of a RADIUS server group. The specified RADIUS server group must have been configured.

The value is a string of 1 to 32 characters.

roam-domain domain-name

Specifies the name of a roaming domain for RADIUS proxy authentication users. The specified domain must already exist.

The value is a string of 1 to 64 characters.

domain-authorization

Specifies the authorized authentication domain for users.

To allow users to access a specified roaming domain, you must specify both roam-domain and domain-authorization.

-

trigger-web

Specifies the mechanism for triggering web re-authentication for RADIUS proxy users.

  • authentication: The device starts the re-authentication process immediately after the AC is successfully authenticated.
  • accounting: The device starts the re-authentication process when processing the accounting packets sent from the AC.
  • none: Re-authentication is disabled.

By default, the device starts the re-authentication process when processing the accounting packets sent from the AC.

-

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bras-radius write

Usage Guidelines

Usage Scenario

In some cases, user authentication and accounting may be performed on different devices. For example, the AC is responsible for user authentication, while the BRAS is responsible for user accounting. To prevent two devices from sending authentication packets to the RADIUS server at the same time, configure the BRAS that performs user accounting as a RADIUS proxy. The RADIUS proxy then records authentication information of users when forwarding RADIUS authentication packets. To allow the BRAS to transparently transmit RADIUS packets from a specified RADIUS client (for example, the AC) to the RADIUS server, record RADIUS-delivered authorization information, and transparently transmit authentication response packets, run the radius-client command to configure a RADIUS client. If the authentication mode configured in the user domain of the BRAS is radius-proxy, the BRAS can use the recorded authorization information to authorize users.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Configure the IP address of a RADIUS client as 10.163.0.5, the shared key as Root@123, and the name of the RADIUS server group as huawei.
<HUAWEI> system-view
[~HUAWEI] radius-server group huawei
[*HUAWEI-radius-huawei] commit
[~HUAWEI-radius-huawei] quit
[~HUAWEI] radius-client 10.163.0.5 shared-key Root@123 server-group huawei
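
The parameter limits and the default key listed above can be checked in a change script before it reaches the device. The following Python is an added example, not Huawei code: it parses only the first documented form of the command, and the finding names and the MIN_KEY_LEN and MIN_PREFIX thresholds are assumed policy values, not device behavior.

```python
import ipaddress

DEFAULT_KEY = "huawei"  # default shared-key value from the parameter table
MIN_KEY_LEN = 16        # assumed policy; RFC 2865 prefers secrets of at least 16 octets
MIN_PREFIX = 24         # assumed policy: flag client ranges wider than /24

def parse_radius_client(line):
    """Parse the first documented form of radius-client; None for any other line."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "radius-client":
        return None
    if len(tok) % 2:
        raise ValueError("keyword without a value: " + tok[-1])
    cfg = {"ip": str(ipaddress.IPv4Address(tok[1])), "prefix": None}
    for kw, val in zip(tok[2::2], tok[3::2]):
        if kw == "mask":  # mask-ip or mask-length, both become a prefix length
            cfg["prefix"] = ipaddress.ip_network("0.0.0.0/" + val).prefixlen
        elif kw in ("vpn-instance", "shared-key", "shared-key-cipher", "server-group"):
            cfg[kw] = val
        else:
            raise ValueError("unsupported keyword: " + kw)
    return cfg

def audit(line):
    """Return sorted finding names (hypothetical labels) for one command line."""
    cfg = parse_radius_client(line)
    if cfg is None:
        return []
    findings = set()
    key = cfg.get("shared-key")
    if key is not None:
        findings.add("cleartext-key-in-script")
        if key == DEFAULT_KEY:
            findings.add("default-key")
        if len(key) < MIN_KEY_LEN:
            findings.add("short-key")
    if cfg["prefix"] is not None and cfg["prefix"] < MIN_PREFIX:
        findings.add("broad-client-range")
    return sorted(findings)

SAMPLE = [  # constructed lines; the first is the command from the page's example
    "radius-client 10.163.0.5 shared-key Root@123 server-group huawei",
    "radius-client 10.0.0.0 mask 8 shared-key huawei",
    "radius-client 192.0.2.10 mask 255.255.255.255 shared-key-cipher CIPHERTEXT-PLACEHOLDER server-group grp1",
]

if __name__ == "__main__":
    for cmd in SAMPLE:
        print(audit(cmd), "<-", cmd)
```
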
Copyright © Huawei Technologies Co., Ltd.