The radius-server command configures the IP address, interface number, VPN instance, and weight of the server in a RADIUS server group.
The undo radius-server command deletes the server from a RADIUS server group.
By default, no RADIUS authentication and accounting server is configured.
radius-server { accounting | authentication } ip-address port { vpn-instance instance-name | { shared-key key-string | shared-key-cipher cipher-string } | source { interface-name | interface-type interface-num | ip-address ip-address } } * [ weight weight-value ]
radius-server { accounting | authentication } ipv6-address port [ weight weight-value ]
radius-server { accounting | authentication } ip-address [ vpn-instance instance-name | source { { interface-name | interface-type interface-num } | ip-address source-ip-address } | { shared-key key-string | shared-key-cipher cipher-string } ] * port [ weight weight-value ]
undo radius-server { accounting | authentication } ipv6-address [ port ]
undo radius-server { accounting | authentication }
undo radius-server { accounting | authentication } ip-address [ vpn-instance instance-name ] [ port ]
radius-server { accounting | authentication } ip-address [ vpn-instance instance-name ] ppp-user-port port
undo radius-server { accounting | authentication } [ ip-address [ vpn-instance instance-name ] ] ppp-user-port [ port ]
| Parameter | Description | Value |
|---|---|---|
| accounting |
Indicates the number of transmission times or the retransmission timeout period for all RADIUS accounting servers in the RADIUS server group view. |
- |
| authentication |
Indicates the number of transmission times or the retransmission timeout period for all RADIUS authentication servers in the RADIUS server group view. |
- |
| ip-address source-ip-address |
Specifies source IP address of the server. |
The value is in dotted decimal notation. |
| ip-address |
Specifies the IPv4 address of the server. The value is in the format of "X.X.X.X" and must be a valid unicast address. |
The value is in dotted decimal notation. |
| vpn-instance instance-name |
Specifies the VPN instance name. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| shared-key key-string |
Specifies the shared-key password. |
The value is a string of 1 to 128 case-sensitive characters. The string can contain spaces if it is enclosed in double quotation marks ("). |
| shared-key-cipher cipher-string |
Specifies the shared-key in encrypted or plain text, and the configured text will be displayed as encrypted text. |
In the case of a simple text password, the value is a string of 1 to 128 case-sensitive characters, without spaces. In the case of a cipher text password, the value is a string of 1 to 268 case-sensitive characters, without spaces. |
| source |
Source interface. |
- |
| interface-name |
Specifies the source interface name. |
The value is a string of 1 to 63. |
| interface-type |
Specifies the source interface type. |
- |
| interface-num |
Specifies the source interface number. |
- |
| weight weight-value |
Indicates the weight of the accounting server. The weight-value parameter is valid only when loading-share is used in the radius-server algorithm command. Specifies the weight of the server. In load balancing mode, a RADIUS server with a larger weight is more likely to be selected. The default value is 0. |
The value is an integer ranging from 0 to 100. |
| ipv6-address |
Specifies the IPv6 address of the server. The value is in the format of "X:X::X:X" . |
The value is a 32-digit hexadecimal number. |
| ppp-user-port port |
Specifies the interface number of the server. |
The value is an integer that ranges from 1 to 65535. |
Usage Scenario
If the RADIUS authentication or accounting server is used for authentication or accounting, use the radius-server command to configure the IP address, interface number, VPN instance, and weight of the authentication or accounting server in a RADIUS server group.
To improve the usage of RADIUS authentication or accounting server resources on a live network, divide a RADIUS authentication or accounting server into several logical RADIUS authentication or accounting servers. These logical RADIUS authentication or accounting servers share one IP address and one VPN instance and need to be differentiated using interface numbers. In this situation, you can run the radius-server command to configure the same IP address and VPN instance name but different interface numbers for the logical RADIUS servers.Precautions
<HUAWEI> system-view [~HUAWEI] radius-server group huawei [*HUAWEI-radius-huawei] radius-server authentication 10.163.155.13 1813 weight 50
<HUAWEI> system-view [~HUAWEI] radius-server group group1 [*HUAWEI-radius-group1] radius-server accounting 10.1.155.12 1812 source loopback 10
<HUAWEI> system-view [~HUAWEI] radius-server group huawei [*HUAWEI-radius-huawei] radius-server accounting 10.163.155.13 1813 weight 50