You can create, modify, and delete the RADIUS server template, authentication/accounting server, and authorization server. Before configuring a RADIUS authentication/accounting server, you must create a RADIUS server template. A RADIUS server builds a unique database to store user names and passwords for authentication and accounting. The RADIUS authorization server receives authorization information sent by users and sends authorization information to users after users pass authorization. The S2710SI-52P, S2700SI, S2700EI-52P or S2700EI switches do not support this function.
Context
When a user logs in to a network device such as a switch or a network access server (NAS), the user name and password are sent to the NAS. After the RADIUS client (the NAS) on the network receives the user name and password, it sends an authentication request to the RADIUS server. If the request is valid, the RADIUS server completes authentication and sends the required authorization information to the RADIUS client. If the request is invalid, the RADIUS server sends the authorization failure information to the RADIUS client.
NOTE: Most RADIUS configurations have default values. You can perform configurations according to networking requirements. You can modify the RADIUS configuration only when the RADIUS server template is not in use.
The RADIUS authorization server is mainly used to authorize users when users select services dynamically.
Procedure
- Create a RADIUS server template.
- Choose in the navigation tree to open the RADIUS Config page.
- Click New to open the Create RADIUS Template page.
Table 1 describes the parameters on the page.
Table 1 Create a RADIUS Server Template
| Parameter | Description |
|---|---|
| Template Name | Indicates the name of a new RADIUS server template. |
| Shared Key | When sending authentication packets, the switch and the RADIUS server encrypt important data such as the password to ensure the security of data transmission over the network. To ensure the validity of the authenticator and the authenticated end, the switch and the RADIUS server must be configured with the same key. The value is a string without spaces. By default, the shared key of a RADIUS server is huawei. |
| Confirm Shared Key | Indicates the confirmed shared key. The format is the same as that of the shared key. |
- Set parameters.
- Click OK.
- Modify a RADIUS server template.
- Choose in the navigation tree to open the RADIUS Config page.
- Click
to open the Modify RADIUS Template page.
NOTE: - Table 1 describes the parameters on the page.
- The template name cannot be modified.
- Set parameters.
- Click OK.
- Delete a RADIUS server template.
- Choose in the navigation tree to open the RADIUS Config page.
- Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
NOTE: - To select a record, click the check box of the record.
- To delete records in batches, click the check boxes of the records.
- Click OK.
- Create a RADIUS authentication/accounting server.
- Choose in the navigation tree to open the RADIUS Config page.
- Click New to open the Create RADIUS Authentication/Accounting Server page.
Table 2 describes the parameters on the page.
Table 2 Create RADIUS Authentication/Accounting Server
| Parameter | Description |
|---|---|
| Server Type | Indicates the server type. |
| Template Name | Indicates the RADIUS server template name. This parameter is mandatory. |
| Primary Server IP | Indicates the IP address of the primary server, for example, 10.10.10.1. NOTE: The IP address of the primary authentication/accounting server must be different from that of the secondary authentication/accounting server; otherwise, the system displays a message indicating that the configuration fails. Primary Server IP and Secondary Server IP cannot be empty at the same time. |
| Primary Server UDP Port | Indicates the UDP port number of the primary server. |
| Secondary Server IP | Indicates the IP address of the secondary server, for example, 10.10.10.2. NOTE: The IP address of the primary authentication/accounting server must be different from that of the secondary authentication/accounting server; otherwise, the system displays a message indicating that the configuration fails. Primary Server IP and Secondary Server IP cannot be empty at the same time. |
| Secondary Server UDP Port | Indicates the UDP port number of the secondary server. |
- Set parameters.
- Click OK.
- Modify a RADIUS authentication/accounting server.
- Choose in the navigation tree to open the RADIUS Config page.
- Click
to open the Modify RADIUS Authentication/Accounting Server page.
NOTE: Table 2 describes the parameters on the page.
- Set parameters.
- Click OK.
- Delete a RADIUS authentication/accounting server.
- Choose in the navigation tree to open the RADIUS Config page.
- Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
NOTE: - To select a record, click the check box of the record.
- To delete records in batches, click the check boxes of the records.
- Click OK.
- Create a RADIUS authorization server.
- Choose in the navigation tree to open the RADIUS Config page.
- Click New to open the Create RADIUS Authorization Server page.
Table 3 describes the parameters on the page.
Table 3 Create RADIUS Authorization Server
| Parameter | Description |
|---|---|
| Server IP | Indicates the IP address of the authorization server, for example, 10.10.10.1. This parameter is mandatory. |
| RADIUS Template | Indicates the RADIUS server template name. This parameter is optional. |
| Shared Key | To apply the shared key, select the check box of the shared key. This parameter is mandatory. By default, the shared key of a RADIUS server is huawei. |
| Ack Reserve Interval | Indicates the duration in which an authorization acknowledgment packet is reserved. This parameter is optional. |
- Set parameters.
- Click OK.
- Modify a RADIUS authorization server.
- Choose in the navigation tree to open the RADIUS Config page.
- Click
to open the Modify RADIUS Authorization Server page.
NOTE: - Table 3 describes the parameters on the page.
- The IP address of the authorization server cannot be changed.
- Set parameters.
- Click OK.
- Delete a RADIUS authorization server.
- Choose in the navigation tree to open the RADIUS Config page.
- Select a record that you want to delete and click Delete. The system asks you whether to delete the record.
NOTE: - To select a record, click the check box of the record.
- To delete records in batches, click the check boxes of the records.
- Click OK.
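
The Shared Key row in Table 1 says the switch and the RADIUS server use the key to protect the password and to validate each other. The following Python sketch is an added example, not Huawei code: it implements the RFC 2865 User-Password hiding and Response Authenticator check to show the outcome when the two keys match and when they differ. The key, password, and Request Authenticator values are constructed for the example.

```python
import hashlib
import hmac

def _mask(data, secret, req_auth, hiding):
    # RFC 2865 5.2: b1 = MD5(S + RA), b(i) = MD5(S + c(i-1)), c(i) = p(i) XOR b(i)
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ m for x, m in zip(data[i:i + 16], mask))
        prev = block if hiding else data[i:i + 16]  # always chain on the hidden block
        out += block
    return out

def hide_password(password, secret, req_auth):
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a 16-byte multiple
    return _mask(padded, secret, req_auth, hiding=True)

def reveal_password(hidden, secret, req_auth):
    return _mask(hidden, secret, req_auth, hiding=False).rstrip(b"\x00")

def build_reply(code, ident, attrs, req_auth, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    head = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    auth = hashlib.md5(head + req_auth + attrs + secret).digest()
    return head + auth + attrs

def reply_is_authentic(reply, req_auth, secret):
    head, auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(head + req_auth + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)

# Constructed sample values; a real client draws a fresh random authenticator per request.
REQ_AUTH = bytes(range(16))
SWITCH_KEY = b"Example-Key-2024"
PASSWORD = b"correct horse battery"

def demo(server_key):
    """Return (server recovered the password, switch accepted the reply)."""
    hidden = hide_password(PASSWORD, SWITCH_KEY, REQ_AUTH)
    seen_by_server = reveal_password(hidden, server_key, REQ_AUTH)
    reply = build_reply(2, 1, b"", REQ_AUTH, server_key)  # code 2 = Access-Accept
    return seen_by_server == PASSWORD, reply_is_authentic(reply, REQ_AUTH, SWITCH_KEY)

if __name__ == "__main__":
    print("matching keys:  ", demo(SWITCH_KEY))
    print("mismatched keys:", demo(b"Some-Other-Key"))
```

Both protections depend only on the shared key, so a template left at the default value named on this page offers no protection against anyone who knows that default; set a unique key for each template.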
Copyright © Huawei Technologies Co., Ltd.