Configuring the session-control feature
A RADIUS server running on IMC can use session-control packets to inform disconnect or dynamic authorization change requests. This task enables the device to receive RADIUS session-control packets on UDP port 1812.
You can specify the RADIUS server as a session-control client on the device to verify the session-control packets sent from the RADIUS server. The device matches the received packets to the session-control client based on IP and VPN instance settings, and then uses the client shared key to validate the packets.
The device searches the session-control client settings prior to searching all RADIUS settings for finding a server whose IP and VPN instance settings match the session-control packets. This process narrows the search scope for finding the matched RADIUS server.
The IP, VPN instance, and shared key settings of the session-control client must be the same as the settings of the RADIUS server.
You can specify multiple session-control clients on the device.
The session-control client configuration takes effect only when the session-control feature is enabled.
To configure the session-control feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the session-control feature. | radius session-control enable | By default, the session-control feature is disabled. |
3. Specify a session-control client. | radius session-control client { ip ipv4-address | ipv6 ipv6-address } [ key { cipher | simple } string | vpn-instance vpn-instance-name ] * | By default, no session-control clients are specified. The device searches all RADIUS scheme settings to verify session-control packets. |