F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
213
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ]
key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *
undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]
Default
No secondary RADIUS authentication/authorization server is specified.
Views
RADIUS scheme view
Default command level
2: System level
Parameters
ipv4-address: Specifies the IPv4 address of the secondary RADIUS authentication/authorization server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary RADIUS authentication/authorization
server, which must be a valid global unicast address.
The following matrix shows the ipv6 ipv6-address option and firewalls and UTM devices compatibility:
Hardware O
p
tion com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No
port-number: Specifies the service port number of the secondary RADIUS authentication/authorization
server, a UDP port number ranging from 1 to 65535. The default setting is 1812.
key [ cipher | simple ] key: Specifies the shared key for secure communication with the secondary
RADIUS authentication/authorization server. In FIPS mode, you cannot set a plaintext key, and the key
must contain at least 8 characters comprising uppercase and lowercase letters, digits, and special
characters. In FIPS mode, a key is encrypted and decrypted by using the 3DES algorithm.
• cipher key: Specifies a ciphertext shared key, a case-sensitive ciphertext string of 1 to 117
characters.
• simple key: Specifies a plaintext shared key, a case-sensitive string of 1 to 64 characters.
• If neither cipher nor simple is specified, you set a plaintext shared key string.
vpn-instance vpn-instance-name: Specifies the VPN to which the secondary RADIUS
authentication/authorization server belongs. The vpn-instance-name argument is a case-sensitive string
of 1 to 31 characters. If the server is on the public network, do not specify this option.
probe: Enables the device to detect the status of the secondary RADIUS authentication/authorization
server.
username name: Specifies the username in the authentication request for server status detection.