Operation Manual – AAA
H3C S3100-52P Ethernet switch
Chapter 2 AAA Configuration

Note:
• In an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two RADIUS servers as the primary and secondary accounting servers respectively. In addition, because RADIUS adopts different UDP ports to exchange authentication/authorization messages and accounting messages, you must set a port number for accounting different from that set for authentication/authorization.
• With stop-accounting request buffering enabled, the switch first buffers the stop-accounting request that gets no response from the RADIUS accounting server, and then retransmits the request to the RADIUS accounting server until it gets a response, or the maximum number of transmission attempts is reached (in this case, it discards the request).
• You can set the maximum allowed number of continuous real-time accounting failures. If the number of continuously failed real-time accounting requests to the RADIUS server reaches the set maximum number, the switch cuts the user connection.
• The IP address and port number of the primary accounting server of the default RADIUS scheme "system" are 127.0.0.1 and 1646 respectively.
• Currently, RADIUS does not support the accounting of FTP users.

2.2.4 Configuring Shared Keys for RADIUS Messages

Both the RADIUS client and the server use the MD5 algorithm to encrypt RADIUS messages before they are exchanged between the two parties. The two parties verify the validity of the RADIUS messages received from each other by using the shared keys that have been set on them, and can accept and respond to the messages only when both parties have the same shared key.

Follow these steps to configure shared keys for RADIUS messages:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named "system" has already been created in the system. |
| Set a shared key for RADIUS authentication/authorization messages | key authentication string | Required. By default, no shared key is created. |
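The shared-key check described in 2.2.4 can be seen in the Response Authenticator defined by RFC 2865, sketched here as an added example that is not part of the manual or of H3C's software. The function names, key strings and the Reply-Message attribute are constructed for illustration; it shows why a reply is dropped when the key set on the switch differs from the key on the server.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS code from RFC 2865

def build_response(code, ident, request_auth, attrs, shared_key):
    """Server side: authenticator = MD5(header + RequestAuth + attrs + key)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + shared_key).digest()
    return header + digest + attrs

def verify_response(packet, request_auth, shared_key):
    """Client (switch) side: recompute the authenticator and compare."""
    if len(packet) < 20:
        return False                      # shorter than a RADIUS header
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                      # length field is inconsistent
    received, attrs = packet[4:20], packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + shared_key).digest()
    return hmac.compare_digest(received, expected)

def demo():
    """Run the check with matching, mismatched and damaged inputs."""
    request_auth = os.urandom(16)         # sent by the client in its request
    msg = b"welcome"                      # constructed Reply-Message (type 18)
    attrs = bytes([18, 2 + len(msg)]) + msg
    # Constructed sample keys, not values from the manual.
    reply = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, b"server-key")
    return {
        "same_key": verify_response(reply, request_auth, b"server-key"),
        "different_key": verify_response(reply, request_auth, b"switch-typo"),
        "tampered": verify_response(reply[:-1] + b"!", request_auth, b"server-key"),
        "truncated": verify_response(reply[:10], request_auth, b"server-key"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:14} accepted={accepted}")
```

A key mismatch is indistinguishable from a tampered reply on the wire, so authentication timeouts right after a key change usually point to the two sides holding different strings.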