The radius-server pre-authentication group command specifies a RADIUS server group to use for pre-authentication in a domain.
The undo radius-server pre-authentication group command cancels a RADIUS server group used for pre-authentication in a domain.
By default, no RADIUS server group is specified to use for pre-authentication in a domain.
| Parameter | Description | Value |
|---|---|---|
| radius-group-name |
Specifies a RADIUS server group to use for pre-authentication. |
The value is a string of 1 to 32 characters. |
| priority priority |
Specifies the priority of a RADIUS server group to use for pre-authentication. |
The value is an integer ranging from 0 to 2. The smaller the priority value, the higher the priority. |
Usage Scenario
A user is usually authenticated by one RADIUS server. Sometimes the user must be pre-authenticated by another RADIUS server if a carrier wants to check multiple entries of information of the user. After you specify RADIUS server groups to use for pre-authentication in a domain, users must be pre-authenticated by the specified RADIUS server groups. The users are then authenticated by a RADIUS server group specified using the radius-server group command in the domain.
A maximum of three RADIUS server groups can be specified in a domain, so a user can be pre-authenticated for a maximum of three times. If you specify multiple RADIUS server groups in a domain, the RADIUS server group with the minimum <priority> value pre-authenticates users first. Do not specify the same priority for any two RADIUS server groups to use for pre-authentication.Prerequisites
A RADIUS server group must be created to use for pre-authentication and RADIUS servers must be configured in the RADIUS server group view.
Precautions
In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view [~HUAWEI] radius-server group group1 [*HUAWEI-radius-group1] commit [~HUAWEI-radius-group1] quit [~HUAWEI] aaa [~HUAWEI-aaa] domain huawei [*HUAWEI-aaa-domain-huawei] commit [~HUAWEI-aaa-domain-huawei] radius-server pre-authentication group group1