Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration

Caution:

- In an actual network environment, you can either specify two RADIUS servers as the primary and secondary accounting servers respectively, or specify only one server as both the primary and secondary accounting servers. In addition, because RADIUS uses different UDP ports to send/receive authentication/authorization packets and accounting packets, you need to set a port number for accounting different from that set for authentication/authorization.
- If the RADIUS server does not respond to such a request, the switch should first buffer the request on itself, and then retransmit the request to the RADIUS accounting server until it gets a response, or the maximum number of transmission attempts is reached (in this case, it discards the request).
- You can set the maximum number of real-time accounting request attempts in the case that the accounting fails. If the switch makes all the allowed real-time accounting request attempts but fails to perform accounting, it disconnects the user.
- The IP address and the port number of the default primary accounting server system are 127.0.0.1 and 1646.
- Currently, RADIUS does not support the accounting of FTP users.

1.4.4 Configuring Shared Keys for RADIUS Packets

The RADIUS client and server adopt the MD5 algorithm to encrypt the RADIUS packets exchanged with each other. The two parties verify the validity of the exchanged packets by using the shared keys that have been set on them, and can accept and respond to the packets sent from each other only if both of them have the same shared keys.

Table 1-15 Configure shared keys for RADIUS packets

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named system has already been created in the system. |
| Set a shared key for the RADIUS authentication/authorization packets | key authentication string | Required |
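
The shared-key check described in section 1.4.4, shown with the Response Authenticator calculation from RFC 2865. This is an added example, not code from the H3C manual; the function names, key and packet values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    length = 20 + len(attrs)  # 20-byte header plus attributes
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply whose Authenticator field is keyed with the shared key."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_auth, secret):
    """Client side (the switch's role): accept the reply only if the keys match."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    received = packet[4:20]
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(received, expected)  # constant-time comparison

# Constructed sample values, not taken from the manual.
REQUEST_AUTH = bytes(range(16))              # Request Authenticator sent by the client
REPLY_ATTRS = bytes([18, 10]) + b"Welcome!"  # Reply-Message attribute (type 18, length 10)
SERVER_KEY = b"constructed-shared-key"

if __name__ == "__main__":
    reply = build_response(ACCESS_ACCEPT, 7, REPLY_ATTRS, REQUEST_AUTH, SERVER_KEY)
    print("same key:     ", verify_response(reply, REQUEST_AUTH, SERVER_KEY))
    print("different key:", verify_response(reply, REQUEST_AUTH, b"other-key"))
    tampered = reply[:-1] + b"?"
    print("tampered:     ", verify_response(tampered, REQUEST_AUTH, SERVER_KEY))
```

A reply built with a different key, or altered in transit, fails the check and is dropped, which is why the string set with `key authentication` must be identical to the key configured on the server.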