radius session-control client

Use radius session-control client to specify a RADIUS session-control client.

Use undo radius session-control client to remove the specified RADIUS session-control clients.


radius session-control client { ip ipv4-address | ipv6 ipv6-address } [ key { cipher | simple } string | vpn-instance vpn-instance-name ] *

undo radius session-control client { all | { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }


No RADIUS session-control clients are specified.


System view

Predefined user roles




ip ipv4-address: Specifies a session-control client by its IPv4 address.

ipv6 ipv6-address: Specifies a session-control client by its IPv6 address.

key: Specifies the shared key for secure communication with the session-control client.

cipher: Specifies the key in encrypted form.

simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. This argument is case sensitive.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the RADIUS session-control client belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the client is on the public network, do not specify this option.

all: Specifies all session-control clients.

Usage guidelines

To verify the session-control packets sent from a RADIUS server running on IMC, specify the RADIUS server as a session-control client to the device. The device matches a session-control packet to a session-control client based on the IP address and VPN instance, and then uses the shared key of the matched client to validate the packet.

The device searches the session-control client settings prior to searching all RADIUS scheme settings for a server with matching settings. This process narrows the search scope for finding the matched RADIUS server.

The session-control client settings take effect only when the RADIUS session-control feature is enabled.

The session-control client settings must be the same as the corresponding settings of the RADIUS server.

You can specify multiple session-control clients on the device.


# Specify a session-control client with IP address and shared key 12345 in plaintext form.

<Sysname> system-view
[Sysname] radius session-control client ip key simple 12345

Related commands

radius session-control enable