R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
145
To do… Use the command…
Remarks
Display configuration information about
a specified user group or all user groups
display user-group [ group-name ] Available in any view
Configuring RADIUS
A RADIUS scheme specifies the RADIUS servers that the LB module can cooperate with and defines a set
of parameters that the LB module uses to exchange information with the RADIUS servers. There may be
authentication/authorization servers and accounting servers, and primary servers and secondary
servers. The parameters include the IP addresses of the servers, the shared keys, and the RADIUS server
type.
You can reference a RADIUS scheme in an AAA method. See “Configuring AAA.”
NOTE:
W
hen there are users online, you cannot modify RADIUS parameters other than the number of
retransmission attempts and the timers.
Creating a RADIUS scheme
Before performing other RADIUS configurations, follow these steps to create a RADIUS scheme and enter
RADIUS scheme view:
To do… Use the command…
Remarks
Enter system view system-view —
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined by default
NOTE:
A
RADIUS scheme can be referenced by more than one ISP domain at the same time.
Specifying the RADIUS authentication/authorization servers
You can specify one primary authentication/authorization server and one secondary
authentication/authorization servers for a RADIUS scheme so that the LB module can find a server for
user authentication/authorization when using the scheme. When the primary server is not available, the
secondary server is used, if any. In a scenario where redundancy is not required, specify only the
primary server.
In RADIUS, user authorization information is piggybacked in authentication responses sent to RADIUS
clients. It is neither allowed nor needed to specify a separate RADIUS authorization server.
Follow these steps to specify the RADIUS authentication/authorization servers:
To do… Use the command…
Remarks
Enter system view system-view —
Enter RADIUS scheme view radius scheme radius-scheme-name —