RADIUS uses the User Datagram Protocol (UDP) as its transport protocol, and therefore it has outstanding real-time performance. RADIUS also has high reliability because it uses a retransmission mechanism and allows backup server deployment. RADIUS is easy to implement, and the server can use a multi-threaded structure when there are a large number of users.
The NAS can function as a RADIUS client to perform the following functions:
- Supports the standard RADIUS protocol and extended attributes.
- Actively detects the status of the RADIUS server. If the NAS receives an authentication or accounting message and finds that the connected server is down, it starts server detection and sends the server a detection packet carrying the message. If the RADIUS server responds to the detection packet, the NAS considers the server available again.
- Automatically switches traffic to another RADIUS server in the server group. If the current server is unavailable or the number of retransmissions exceeds the upper limit, the NAS sends packets to an alternate server in the server group.
- Communicates with the RADIUS server using IPv4 or IPv6.
- Supports vendor-specific attributes.
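The server detection and automatic switchover described in the list above can be modelled as follows. This is an added example, not Huawei code: the class and function names, the retransmission limit of 2 and the in-memory transport are assumptions made for illustration, and treating an answered detection packet as the reply to the pending request is a simplification.

```python
class ServerGroup:
    """Simplified model of a NAS RADIUS server group (primary listed first)."""

    def __init__(self, servers, max_retransmit=2):
        self.servers = list(servers)
        self.max_retransmit = max_retransmit  # assumed value, not a device default
        self.down = set()

    def send(self, request, transport):
        """transport(server, request) returns a reply, or None on timeout.
        Returns (answering_server, reply, log)."""
        log = []
        # Server detection: a server marked down is probed with a packet
        # carrying the pending message; a reply marks it available again.
        for srv in [s for s in self.servers if s in self.down]:
            reply = transport(srv, request)
            if reply is not None:
                self.down.discard(srv)
                log.append(("detect-up", srv))
                return srv, reply, log
            log.append(("detect-fail", srv))
        # Normal path: first transmission plus retransmissions, then switch.
        for srv in [s for s in self.servers if s not in self.down]:
            for attempt in range(1 + self.max_retransmit):
                log.append(("send", srv, attempt))
                reply = transport(srv, request)
                if reply is not None:
                    return srv, reply, log
            self.down.add(srv)
            log.append(("mark-down", srv))
        return None, None, log  # no RADIUS server answered


def make_transport(alive):
    """Constructed stand-in for the UDP exchange: only servers in `alive` reply."""
    def transport(server, request):
        return ("Access-Accept", request) if server in alive else None
    return transport


def demo():
    group = ServerGroup(["1.1.1.1", "1.1.1.2"], max_retransmit=2)
    alive = {"1.1.1.2"}                      # constructed state: primary unreachable
    t = make_transport(alive)
    first = group.send("req-1", t)           # 3 timeouts on primary, then secondary
    second = group.send("req-2", t)          # primary probed, still down
    alive.add("1.1.1.1")                     # primary recovers
    third = group.send("req-3", t)           # probe answered, primary back in use
    return first, second, third, set(group.down)
```

When `send` returns no server at all, a scheme configured as `authentication-mode radius local` moves on to local authentication, so the local accounts on the device remain part of the login path.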
RADIUS authentication can be deployed for user login. In this example, the shared key is Huawei@123 and the authentication port is 1645.
The configuration template is as follows:
Table 1-1 NE20/NE40/NE9000 RADIUS Authentication Example
#
radius enable
#
radius-server group radius
 radius-server shared-key-cipher Huawei@123
 radius-server authentication 1.1.1.1 1645
 radius-server authentication 1.1.1.2 1645 secondary
 radius-server user-name original
#
aaa
 authentication-scheme radius
  authentication-mode radius local
 #
 accounting-scheme radius
  accounting-mode radius
 #
 domain radius
  authentication-scheme radius
  accounting-scheme radius
  radius-server group radius
#
commit
#
