No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
radius-server authentication

radius-server authentication

Function

The radius-server authentication command configures a RADIUS authentication server.

The undo radius-server authentication command deletes the configured RADIUS authentication server.

By default, no RADIUS authentication server is specified.

Format

radius-server authentication ipv4-address port [ source { loopback interface-number | ip-address ipv4-address | vlanif interface-number } | weight weight-value ] *

undo radius-server authentication [ ipv4-address [ port [ source { loopback interface-number | ip-address ipv4-address | vlanif interface-number } | weight ] * ] ]

Parameters

Parameter

Description

Value

ipv4-address

Specifies the IPv4 address of a RADIUS authentication server.

The value is a valid unicast address in dotted decimal notation.

port

Specifies the port number of a RADIUS authentication server.

The value is an integer that ranges from 1 to 65535.

source loopback interface-number

Specifies the IP address of the loopback interface taken as the source IP address. interface-number specifies the number of a loopback interface.

The loopback interface must already exist.

source ip-address ipv4-address

Specifies the source IPv4 address in RADIUS packets sent from the device to a RADIUS authentication server.

If this parameter is not specified, the IPv4 address of the outbound interface or VLANIF interface is used as the source IPv4 address in RADIUS packets sent from the device to a RADIUS authentication server.

The value is a valid unicast address in dotted decimal notation.

source vlanif interface-number

Specifies the IP address of the VLANIF interface as the source IP address. interface-number specifies the number of a VLANIF interface.

The VLANIF interface must exist.

weight weight-value

Specifies the weight of a RADIUS authentication server.

When multiple servers are available, the device uses the server with the highest weight to perform authentication. If the servers have the same weights, the device uses the server configured first to perform authentication.

The value is an integer that ranges from 0 to 100. The default value is 80.

Views

RADIUS server template view

Default Level

3: Management level

Usage Guidelines

To perform RADIUS authentication, configure a RADIUS authentication server in a RADIUS server template. The device uses the RADIUS protocol to communicate with a RADIUS authentication server to obtain authentication information, and authenticates users based on the authentication information. The device sends authentication packets to the RADIUS authentication server only after the IP address and port number of the RADIUS authentication server are specified in the RADIUS server template.

When the 802.1x authentication mode is set to EAP, the device and RADIUS authentication servers exchange packets multiple times. During the first exchange process, the device sends a request packet to the primary RADIUS authentication server. If the device resends the request packet for the maximum number of times but does not receive a response packet from the primary RADIUS authentication server, the device sends a request packet to the secondary RADIUS authentication server. If the secondary RADIUS authentication server sends a response packet to the device, the device will directly send request packets to the secondary RADIUS authentication server in the following exchange processes. In this way, the device does not need to send a request packet to the primary RADIUS authentication server first in the following exchange processes, shortening the authentication time and preventing the user authentication connection from being disconnected because the client does not receive a response packet for a long time.

For the RADIUS server in Down status, if configuration parameters except weight of the RADIUS server are modified, the server status will change from Down to Up.

Example

# Configure the IP address of the primary RADIUS authentication server to 10.163.155.13 and the port number to 1812.

<Huawei> system-view
[Huawei] radius-server template group1
[Huawei-radius-group1] radius-server authentication 10.163.155.13 1812

# Configure the IP address of the secondary RADIUS authentication server to 10.163.155.15, the port number to 1812 and the weigh to 50.

<Huawei> system-view
[Huawei] radius-server template group1
[Huawei-radius-group1] radius-server authentication 10.163.155.15 1812 weight 50
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 206051

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next