radius session-control client
Use radius session-control client to specify a RADIUS session-control client.
Use undo radius session-control client to remove the specified RADIUS session-control clients.
Syntax
radius session-control client { ip ipv4-address | ipv6 ipv6-address } [ key { cipher | simple } string | vpn-instance vpn-instance-name ] *
undo radius session-control client { all | { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }
Default
No RADIUS session-control clients are specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ipv4-address: Specifies a session-control client by its IPv4 address.
ipv6 ipv6-address: Specifies a session-control client by its IPv6 address.
key: Specifies the shared key for secure communication with the session-control client.
cipher: Specifies the key in encrypted form.
simple: Specifies the key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. This argument is case sensitive.
In non-FIPS mode, the encrypted form of the key is a string of 1 to 117 characters. The plaintext form of the key is a string of 1 to 64 characters.
In FIPS mode, the encrypted form of the key is a string of 15 to 117 characters. The plaintext form of the key is a string of 15 to 64 characters. The plaintext string must contain digits, uppercase letters, lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the RADIUS session-control client belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the client is on the public network, do not specify this option.
all: Specifies all session-control clients.
Usage guidelines
To verify the session-control packets sent from a RADIUS server running on IMC, specify the RADIUS server as a session-control client to the device. The device matches a session-control packet to a session-control client based on the IP address and VPN instance, and then uses the shared key of the matched client to validate the packet.
The device searches the session-control client settings prior to searching all RADIUS scheme settings for a server with matching settings. This process narrows the search scope for finding the matched RADIUS server.
The session-control client settings take effect only when the RADIUS session-control feature is enabled.
The session-control client settings must be the same as the corresponding settings of the RADIUS server.
You can specify multiple session-control clients on the device.
Examples
# Specify a session-control client with IP address 10.110.1.2 and shared key 12345 in plaintext form.
<Sysname> system-view [Sysname] radius session-control client ip 10.110.1.2 key simple 12345
Related commands
radius session-control enable