F3215-HP Load Balancing Module Security Command Reference-6PW101
92
Use undo secondary authentication to remove the configuration.
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ]
key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *
undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]
Default
No secondary RADIUS authentication/authorization server is specified.
Views
RADIUS scheme view
Default command level
2: System level
Parameters
ipv4-address: Specifies the IPv4 address of the secondary RADIUS authentication/authorization server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary RADIUS authentication/authorization
server, which must be a valid global unicast address.
port-number: Specifies the service port number of the secondary RADIUS authentication/authorization
server, a UDP port number ranging from 1 to 65535. The default setting is 1812.
key [ cipher | simple ] key: Specifies the shared key for secure communication with the secondary
RADIUS authentication/authorization server.
• cipher key: Specifies a ciphertext shared key, a case-sensitive ciphertext string of 1 to 117
characters.
• simple key: Specifies a plaintext shared key, a case-sensitive string of 1 to 64 characters.
• If neither cipher nor simple is specified, you set a plaintext shared key string.
vpn-instance vpn-instance-name: Specifies the VPN to which the secondary RADIUS
authentication/authorization server belongs. The vpn-instance-name argument is a case-sensitive string
of 1 to 31 characters. If the server is on the public network, do not specify this option.
probe: Enables the device to detect the status of the secondary RADIUS authentication/authorization
server.
username name: Specifies the username in the authentication request for server status detection.
interval interval: Specifies the detection interval. The value ranges from 1 to 3600, in minutes. The
default setting is 60 minutes.
Usage guidelines
Make sure the port number and shared key settings of the secondary RADIUS
authentication/authorization server are the same as those configured on the server.
The shared key configured by this command takes precedence over that configured by using the key
accounting [ cipher | simple ] key command.
The VPN specified by this command takes precedence over the VPN specified for the RADIUS scheme.
You can configure up to 16 secondary RADIUS authentication/authorization servers for a RADIUS
scheme. After the configuration, if the primary server fails, the device looks for a secondary server in
active state (a secondary RADIUS authentication/authorization server configured earlier has a higher
priority) and tries to communicate with it.