state secondary
Use state secondary to set the status of a secondary RADIUS server.
Syntax
state secondary { accounting | authentication } [ { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance vpn-instance-name ] * ] { active | block }
Default
A secondary RADIUS server is in active state.
Views
RADIUS scheme view
Predefined user roles
network-admin
mdc-admin
Parameters
accounting: Specifies a secondary RADIUS accounting server.
authentication: Specifies a secondary RADIUS authentication server.
host-name: Specifies the host name of the secondary RADIUS server, a case-insensitive string of 1 to 253 characters.
ipv4-address: Specifies the IPv4 address of a secondary RADIUS server.
ipv6 ipv6-address: Specifies the IPv6 address of a secondary RADIUS server.
port-number: Specifies the service port number of a secondary RADIUS server. The value range for the UDP port number is 1 to 65535. The default port numbers for authentication and accounting are 1812 and 1813, respectively.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the secondary RADIUS server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
active: Specifies the active state, the normal operation state.
block: Specifies the blocked state, the out-of-service state.
Usage guidelines
If you do not specify an IP address, this command changes the status of all configured secondary RADIUS servers.
If the device finds that a secondary server in active state is unreachable, the device performs the following operations:
Changes the status of the secondary server to blocked.
Starts a quiet timer for the server.
Tries to communicate with another secondary server in active state.
When the quiet timer of a server times out, the status of the server automatically changes to active. If you set the server status to blocked before the quiet timer times out, the server status cannot change back to active unless you manually set the status to active. If all configured secondary servers are unreachable, the device considers the authentication or accounting attempt a failure.
When the RADIUS server load sharing feature is enabled, the device checks the weight value and number of currently served users only for servers in active state. The most appropriate active server is selected for communication.
This command can affect the RADIUS server status detection feature when a valid test profile is specified for a secondary RADIUS authentication server.
If you set the status of the server to blocked, the device stops detecting the status of the server.
If you set the status of the server to active, the device starts to detect the status of the server.
Examples
# In RADIUS scheme radius1, set the status of all the secondary authentication servers to blocked.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] state secondary authentication block
Related commands
display radius scheme
radius-server test-profile
server-load-sharing enable
state primary