The radius-server shared-key command configures the shared key for RADIUS server.
The undo radius-server shared-key command removes the configured shared key of the RADIUS server. Configuring a private key improves the security of intercommunication between the Router and RADIUS server.
By default, the shared key for the radius server is not configured.
radius-server { shared-key key-string | shared-key-cipher key-cipher-string } [ { accounting | authentication } { ip-address [ vpn-instance instance-name ] | ipv6-address } [ source { { interface-name | interface-type interface-number } | ip-address ip-address } ] port [ weight weight ] ]
undo radius-server { shared-key | shared-key-cipher }
| Parameter | Description | Value |
|---|---|---|
| shared-key key-string |
Specifies the shared key in simple text. The shared key configured in simple text is displayed in ciphertext. |
The value is a string of 1 to 128 case-sensitive characters. The string can contain spaces if it is enclosed in double quotation marks ("). |
| shared-key-cipher key-cipher-string |
Specifies the shared key in ciphertext. |
The value is a string of 1 to 268 case-sensitive characters. The string can contain spaces if it is enclosed in double quotation marks ("). |
| accounting |
Indicates the RADIUS accounting server. |
- |
| authentication |
Indicates the RADIUS authentication server. |
- |
| ip-address ip-address |
Specifies the source IP address of a server. |
The value is in dotted decimal notation. |
| ip-address |
Specifies the IPv4 address of the RADIUS server. |
The value is in dotted decimal notation. |
| vpn-instance instance-name |
Indicates the VPN instance to which the RADIUS server belongs. The value must be the name of a configured VPN instance. |
The value is a string of 1 to 31 characters. |
| ipv6-address |
Specifies the IPv6 address of the RADIUS server. |
X:X::X:X |
| source |
Source interface. |
- |
| interface-name |
Source interface. |
The value is a string of 1 to 31 characters. |
| interface-type |
Source interface type. |
- |
| interface-number |
Source interface. |
The value is a string of 1 to 31 characters. |
| port |
Specifies the interface number of the RADIUS server. |
The value ranges from 1 to 65535. |
| weight weight |
Indicates the weight of the authentication server and is used for load sharing. The weight-value parameter is valid only when the load sharing mode is adopted through the radius-server algorithm command. |
The value ranges from 0 to 100. The default value is 0 and applicable only to the load-sharing mode. |
Usage Scenario
You can run this command to modify the shared key for a RADIUS server in a RADIUS server group.
Configuration Impact
The shared key for the device must be the same as that for the RADIUS server; otherwise, they cannot communicate with each other.
Precautions
In VS mode, this command is supported only by the admin VS.
The configurations, however, can be modified only when the RADIUS server group is not in use. The shared key used for authentication and accounting between the device and RADIUS server can be simple text or ciphertext. The undo radius-server { shared-key | shared-key-cipher } command only deletes the shared key of a RADIUS server group. To delete the shared key of a specific authentication or accounting server, run the undo radius-server authentication or undo radius-server accounting command. You are advised to configure a shared-key that has no less than 16 bytes and consists of at least two types of the following characters: lowercase letters, uppercase letters, numerals, and special characters.