Installation manual

Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Chapter 2 AAA and RADIUS Protocol Configuration
Huawei Technologies Proprietary
Operation | Command
Set IP address and port number of second RADIUS accounting server. | secondary accounting ip-address [ port-number ]
Restore IP address and port number of second RADIUS accounting server or server to the default values. | undo secondary accounting

In real networking environments, the above parameters shall be set according to the specific requirements. For example, you may specify 4 groups of different data to map 4 RADIUS servers, or specify one of the two servers as primary authentication/authorization server and second accounting server and the other one as second authentication/authorization server and primary accounting server, or you may also set 4 groups of exactly the same data so that every server serves as a primary and second AAA server.

To guarantee normal interaction between the NAS and the RADIUS server, make sure the routes between the RADIUS server and the NAS work before setting the IP address and UDP port of the RADIUS server. In addition, because the RADIUS protocol uses different UDP ports to receive/transmit authentication/authorization and accounting packets, you shall set two different ports accordingly. As suggested by RFC 2138/2139, the authentication/authorization port number is 1812 and the accounting port number is 1813. However, you may use values other than the suggested ones. (Especially for some earlier RADIUS servers, the authentication/authorization port number is often set to 1645 and the accounting port number is 1646.)

The RADIUS service port settings on Quidway Series Switches are supposed to be consistent with the port settings on the RADIUS server. Normally, the RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.

By default, all the IP addresses of primary/second authentication/authorization and accounting servers are 0.0.0.0, the authentication/authorization service port is 1812 and the accounting service UDP port is 1813.

2.3.3 Setting RADIUS Packet Encryption Key

RADIUS client (switch system) and RADIUS server use the MD5 algorithm to encrypt the exchanged packets. The two ends verify the packet through setting the encryption key. Only when the keys are identical can both ends accept the packets from each other and respond.

You can use the following commands to set the encryption key for RADIUS packets.

Perform the following configurations in RADIUS scheme view.