540 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
■ When the RADIUS server used first does not respond, the succeeding servers
are used in sequence.
When the authentication or accounting port number is configured to 0, the client
does not use the authentication or accounting function provided by the server.
Table 611 Configure IP Address, Authentication Port Number and Accounting Port
Number
The default authentication port number is 1812. When configured as 0, this server
is not used as an authentication server. The default accounting port number is
1813. When configured as 0, this server is not used as an accounting server.
Configure RADIUS Server Shared Secret
The shared secret is used to encrypt user password and generate a response
authenticator. When RADIUS sends authentication messages, MD5 encryption is
applied to important information such as passwords, so the security of the
authentication information transmission in the network can be insured. To insure
the identification validity of the two parties, the secret key of the router must be
the same as the one set on the RADIUS server, so that it can pass the
authentication of the RADIUS server.
Table 612 Configure RADIUS Server Shared Secret
By default, no key is configured for the RADIUS server.
Configure the Time Interval at Which the Request Packet is Sent Before the
RADIUS Server Fails
To determine whether a RADIUS server is invalid, the router will send
authentication request packets to the RADIUS server periodically.
Table 613 Configure the Time Interval at which the Request Packet is Sent Before RADIUS
Server Fails
By default, the timeout interval is 10 seconds. The range is from 1 to 65535
seconds.
Operation Command
Configure IP address (or host name),
authentication port number and
accounting port number of RADIUS server
host.
radius server { hostname | ip-address
} [authentication-port port-number ]
[accounting-port port-number ]
Cancel RADIUS server with designated
host address or host name
undo radius server { hostname |
ip-address }
Operation Command
Configure shared secret of RADIUS server radius shared-key string
Delete shared secret of RADIUS server undo radius shared-key
Operation Command
Configure the time interval at which the
authentication request packet is sent
radius timer response-timeout
seconds
Restore default value of the time interval
at which the authentication request
packet is sent
undo radius timer response-timeout