H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS
Configuration
1-28
z If the secondary server fails, the device restores the status of the primary server to
active immediately.
If the primary server has resumed, the device turns to use the primary server and stops
communicating with the secondary server. After accounting starts, the communication
between the client and the secondary server remains unchanged.
Follow these steps to set the status of RADIUS servers:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined
by default
Set the status of the primary
RADIUS
authentication/authorization
server
state primary authentication
{ active | block }
Set the status of the primary
RADIUS accounting server
state primary accounting
{ active | block }
Set the status of the secondary
RADIUS
authentication/authorization
server
state secondary
authentication { active |
block }
Set the status of the secondary
RADIUS accounting server
state secondary accounting
{ active | block }
Optional
active for
every server
configured
with IP
address in
the RADIUS
scheme
Note:
z If both the primary server and the secondary server are in the blocked state, it is
necessary to manually turn the secondary server to the active state so that the
secondary server can perform authentication. If the secondary server is still in the
blocked state, the primary/secondary switchover cannot take place.
z If one server is in the active state while the other is blocked, the primary/secondary
switchover will not take place even if the active server is not reachable.
1.4.8 Configuring Attributes Related to the Data Sent to the RADIUS Server
Follow these steps to configure the attributes related to the data sent to the RADIUS
server: