33-12The RADIUS service configuration is performed on a RADIUS scheme basis. In an actual networkenvironment, you can either use a single RADIUS server or two RADIUS servers (primary andsecondary servers with the same configuration but different IP addresses) in a RADIUS scheme. Aftercreating a new RADIUS scheme, you should configure the IP address and UDP port number of eachRADIUS server you want to use in this scheme. These RADIUS servers fall into two types:authentication/authorization, and accounting. And for each type of server, you can configure twoservers in a RADIUS scheme: primary server and secondary server. A RADIUS scheme has someparameters such as IP addresses of the primary and secondary servers, shared keys, and types of theRADIUS servers.In an actual network environment, you can configure the above parameters as required. But you shouldconfigure at least one authentication/authorization server and one accounting server, and you shouldkeep the RADIUS server port settings on the switch consistent with those on the RADIUS servers.Actually, the RADIUS service configuration only defines the parameters for information exchangebetween switch and RADIUS server. To make these parameters take effect, you must reference theRADIUS scheme configured with these parameters in an ISP domain view (refer to AAA Configuration).Creating a RADIUS SchemeThe RADIUS protocol configuration is performed on a RADIUS scheme basis. You should first create aRADIUS scheme and enter its view before performing other RADIUS protocol configurations.Follow these steps to create a RADIUS scheme:To do… Use the command… RemarksEnter system view —system-viewOptionalEnable RADIUSauthentication port radius client enable By default, RADIUS authentication portis enabled.RequiredCreate a RADIUSscheme and enter itsviewradius schemeradius-scheme-name By default, a RADIUS scheme named"system" has already been created inthe system.A RADIUS scheme can be referenced by multiple ISP domains simultaneously.Configuring RADIUS Authentication/Authorization ServersFollow these steps to configure RADIUS authentication/authorization servers: