R3204P16-HP Load Balancing Module Security Command Reference-6PW101
110
Examples
# Specify the secondary accounting server for RADIUS scheme radius1.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary accounting 10.110.1.1 1813
secondary authentication (RADIUS scheme view)
Syntax
secondary authentication ip-address [ port-number ] [ key string ]
undo secondary authentication
View
RADIUS scheme view
Default level
2: System level
Parameters
ip-address: IPv4 address of the secondary authentication/authorization server, in dotted decimal
notation. The default is 0.0.0.0.
port-number: UDP port number of the secondary authentication/authorization server, which ranges from
1 to 65535 and defaults to 1812.
key string: Specifies the shared key for exchanging authentication/authorization packets with the
secondary RADIUS authentication/authorization server. A shared key is a case-sensitive string of 1 to 64
characters.
Description
Use the secondary authentication command to specify the secondary RADIUS
authentication/authorization server.
Use the undo secondary authentication command to remove the configuration.
By default, no secondary RADIUS authentication/authorization server is specified.
The IP addresses of the primary and secondary authentication/authorization servers cannot be the same.
Otherwise, the configuration fails.
The RADIUS service port configured on the LB module and that of the RADIUS server must be consistent.
The shared keys configured on the module for authentication/authorization packets and that configured
on the RADIUS server must be consistent.
The shared key configured in this command is used in preference. If the key string keyword and argument
combination is not configured here, the shared key configured in the key authentication string command
will be used.
The IP addresses of the primary and secondary authentication/authorization servers must be of the same
IP version.
The IP addresses of the authentication/authorization servers and those of the accounting servers must be
of the same IP version.
You can use the commands to change the settings only when no user is using the RADIUS scheme.