F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
199
The following matrix shows the ipv6 ipv6-address option and firewalls and UTM devices compatibility:
Hardware O
p
tion com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No
Usage guidelines
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS that
is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving
a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address
of any managed NAS. If it is, the server processes the packet. If it is not, the server drops the packet.
The source IP address specified for outgoing RADIUS packets must be of the same IP version as the IP
addresses of the RADIUS servers in the RADIUS scheme. Otherwise, the source IP address configuration
does not take effect.
A RADIUS scheme can have only one source IP address for outgoing RADIUS packets. If you specify a
new source IP address for the same RADIUS scheme, the new one overwrites the old one.
The setting configured by the nas-ip command in RADIUS scheme view is only for the RADIUS scheme,
whereas that configured by the radius nas-ip command in system view is for all RADIUS schemes. The
setting in RADIUS scheme view takes precedence.
Examples
# Set the source IP address for outgoing RADIUS packets to 10.1.1.1.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] nas-ip 10.1.1.1
Related commands
radius nas-ip
primary accounting (RADIUS scheme view)
Use primary accounting to specify the primary RADIUS accounting server.
Use undo primary accounting to remove the configuration.
Syntax
primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key |
vpn-instance vpn-instance-name ] *
undo primary accounting
Default
No primary RADIUS accounting server is specified.