222 CHAPTER 9: AAA AND RADIUS OPERATION
Several ISP domains can use a RADIUS server group at the same time.
By default, the system has a RADIUS server group named system whose attributes
are all default values. The default attribute values are introduced in the following
section.
Setting the IP Address and Port Number of RADIUS Server
After creating a RADIUS server group, you set IP addresses and UDP port numbers
for the RADIUS servers, including primary/secondary authentication/authorization
servers and accounting servers. You can configure up to 4 groups of IP addresses
and UDP port numbers. However, you have to set one group of IP addresses and
UDP port numbers for each pair of primary/secondary servers to ensure normal AAA
operation.
Perform the following configurations in RADIUS server group view.
In real networking environments, the above parameters should be set according to
the specific requirements. For example, you may specify 4 groups of different data
to map 4 RADIUS servers, or specify one of the two servers as primary
authentication/authorization server and secondary accounting server and the other
one as secondary authentication/authorization server and primary accounting server.
You may also set 4 groups of exactly the same data so that every server serves as a
primary and secondary AAA server.
To guarantee normal interaction between the NAS and the RADIUS servers, you must
ensure that there is a default route between the RADIUS server and the NAS before
setting the IP address and UDP port of the RADIUS server. Because the RADIUS
protocol uses different UDP ports to receive/transmit authentication/authorization
and accounting packets, you should set two different ports accordingly. As
suggested by RFC 2138/2139, the authentication/authorization port number is 1812
and the accounting port number is 1813. However, you may use values other than the
Table 236 Set IP Address and Port Number of RADIUS Server

Operation | Command
Set IP address and port number of primary RADIUS authentication/authorization server. | primary authentication ip-address [ port-number ]
Restore IP address and port number of primary RADIUS authentication/authorization server to the default values. | undo primary authentication
Set IP address and port number of primary RADIUS accounting server. | primary accounting ip-address [ port-number ]
Restore IP address and port number of primary RADIUS accounting server to the default values. | undo primary accounting
Set IP address and port number of secondary RADIUS authentication/authorization server. | secondary authentication ip-address [ port-number ]
Restore IP address and port number of secondary RADIUS authentication/authorization server to the default values. | undo secondary authentication
Set IP address and port number of secondary RADIUS accounting server. | secondary accounting ip-address [ port-number ]
Restore IP address and port number of secondary RADIUS accounting server to the default values. | undo secondary accounting
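
The two-server arrangement described above, in which each server is primary for one function and secondary for the other, written out with the commands from Table 236. This is an added example, not part of the original manual: the two addresses are constructed placeholders, and lines starting with # are annotations, not commands.

```text
# Entered in RADIUS server group view.
# 192.0.2.10 (server A) and 192.0.2.20 (server B) are constructed addresses.

# Server A: primary authentication/authorization, secondary accounting
primary authentication 192.0.2.10 1812
secondary accounting 192.0.2.10 1813

# Server B: secondary authentication/authorization, primary accounting
secondary authentication 192.0.2.20 1812
primary accounting 192.0.2.20 1813
```

With this layout, losing either server still leaves one reachable authentication/authorization server and one reachable accounting server, and the two functions stay on separate UDP ports on each host.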