How to configure the RADIUS authentication shared key on an S series switch


The RADIUS shared key is used to encrypt packets exchanged between an access device and a RADIUS server, ensuring security of packet transmission. The RADIUS shared key configured on the access device must be the same as that configured on the RADIUS server. If an S series switch (a non-S1700 switch) functions as an access device, configure the RADIUS shared key as follows:
[HUAWEI] radius-server template shiva
[HUAWEI-radius-shiva] radius-server shared-key cipher Huawei@2012

Other related questions:
Must I configure a shared key for Portal authentication
To implement Portal authentication using an external Portal server, you must configure a shared key on switches running V100R006 and later versions to exchange information with the Portal server. The shared key configured on the switch must be the same as that configured on the Portal server.

Configuring the pre-shared IPSec key on the firewall
You can configure the IPSec pre-shared key on the USG as follows: Run the pre-shared command in the IKE peer view to configure the pre-shared key or run the undo pre-shared-key command to cancel the pre-shared key. Requirements: The pre-shared key is a string of 1-128 characters.It supports special characters(such as !,@ ,#,$,and %)instead of spaces.It is case-sensitive.The system converts the character string as cipher-text key,saved in the configuration file.Authentication keys on both ends of a security connection must be consistent. Configuration example: #Set the authentication key of IKE peer1 to Test!123. system-view //Enter the system view. [sysname] ike peer peer1 //Enter the IKE peer view. [sysname-ike-peer-peer1] pre-shared-key Test!123 //Set the pre-shared key.

Can S series switches perform RADIUS authentication and local authentication in master/backup mode
If RADIUS authentication is configured, you can also configure local authentication as the backup to prevent authentication failures caused by RADIUS server faults or network congestion. The configuration on an S series switch (except the S1700 switch) is as follows: [HUAWEI] aaa [HUAWEI-aaa] authentication-scheme scheme0 [HUAWEI-aaa-authen-scheme0] authentication-mode radius local

Prevent users failing RADIUS authentication from logging in to S series switches
Administrative users can log in to S series switches (except S1700 switches) after they pass the RADIUS authentication. Their user accounts are configured on the remote RADIUS server but not in the AAA view of a local switch. The methods of configuring switches to allow administrative users to log in after they pass the RADIUS authentication are similar.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top