[x]

RADIUS commands > primary authentication (RADIUS scheme view)

 

 Next

primary authentication (RADIUS scheme view)

Use primary authentication to specify the primary RADIUS authentication server.

Use undo primary authentication to restore the default.

Syntax

primary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *

undo primary authentication

Default

The primary RADIUS authentication server is not specified.

Views

RADIUS scheme view

Predefined user roles

network-admin

mdc-admin

Parameters

host-name: Specifies the host name of the primary RADIUS authentication server, a case-insensitive string of 1 to 253 characters.

ipv4-address: Specifies the IPv4 address of the primary RADIUS authentication server.

ipv6 ipv6-address: Specifies the IPv6 address of the primary RADIUS authentication server.

port-number: Specifies the service port number of the primary RADIUS authentication server. The value range for the UDP port number is 1 to 65535. The default setting is 1812.

key: Specifies the shared key for secure communication with the primary RADIUS authentication server.

cipher: Specifies the key in encrypted form.

simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. This argument is case sensitive.

test-profile profile-name: Specifies a test profile for detecting the RADIUS server status. The profile-name argument is a case-sensitive string of 1 to 31 characters.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the primary RADIUS authentication server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the server is on the public network, do not specify this option.

weight weight-value: Specifies a weight value for the RADIUS server. The value range for the weight-value argument is 0 to 100, and the default value is 0. The value 0 indicates that the RADIUS server will not be used for load sharing. This option takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme. A larger weight value represents a higher capacity to process authentication requests.

Usage guidelines

Make sure the service port and shared key settings of the primary RADIUS authentication server are the same as those configured on the server.

Two authentication servers specified for a scheme, primary or secondary, cannot have identical VPN instance, host name, IP address, and port number settings.

The shared key configured by this command takes precedence over the shared key configured with the key authentication command.

The server status detection is triggered for the server if the specified test profile exists on the device.

If the specified server resides on an MPLS L3VPN, specify the VPN instance by using the vpn-instance vpn-instance-name option. The VPN instance specified by this command takes precedence over the VPN instance specified for the RADIUS scheme.

If you use the primary authentication command to modify or delete the primary authentication server during an authentication process, communication with the primary server times out.

Examples

# In RADIUS scheme radius1, specify the primary authentication server with IP address 10.110.1.1, UDP port number 1812, and plaintext shared key 123456TESTauth&!.

<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.110.1.1 1812 key simple 123456TESTauth&!

Related commands

display radius scheme

key (RADIUS scheme view)

radius-server test-profile

secondary authentication (RADIUS scheme view)

server-load-sharing enable

vpn-instance (RADIUS scheme view)

prev

 

up

 next

primary accounting (RADIUS scheme view) 

home

 radius attribute extended

© Copyright 2018 Hewlett Packard Enterprise Development LP