User Re-authentication at Reboot 425
The switch can automatically generate the main attributes (NAS-ID, NAS-IP and
session ID) of the Accounting-On packets. However, you can also manually configure
the NAS-IP attribute with the nas-ip command. When doing this, be sure to
configure a correct and valid IP address. If this attribute is not manually configured,
the switch will automatically select the IP address of the VLAN interface as the NAS-IP
address.
Configuring User
Re-authentication at
Reboot
Configuration Example
for User
Re-authentication at
Reboot
Network requirements
Enable user re-authentication at reboot.
Configuration procedure
1Enter system view.
<S5500> system-view
2Enter the view of the RADIUS scheme named CAMS (supposing this scheme has
already existed).
[S5500] radius scheme CAMS
3Enable user re-authentication at reboot.
[S5500-radius-CAMS] accounting-on enable
Setting the RADIUS
Packet Encryption Key
The RADIUS client (Switch system) and the RADIUS server use MD5 algorithm to
encrypt the exchanged packets. The two ends verify the packet through setting the
encryption key. Only when the keys are identical can both ends accept the packets
from each other and give responses.
You can use the following commands to set the encryption key for RADIUS packets.
Perform the following configurations in RADIUS Scheme View.
Table458 Setting the RADIUS Packet Encryption Key
Table457 Configure user re-authentication at reboot
Operation Command Description
Enter system view system-view —
Enter RADIUS scheme view radius scheme
radius-scheme-name
—
Enable user re-authentication
at reboot
accounting-on enable [
send times | interval
interval ]
Optional
By default, this feature is disabled.
When this feature is enabled, the
system can send the Accounting-On
packet at most 15 times at intervals
of three seconds by default.
Operation Command
Set RADIUS authentication/authorization packet
encryption key
key authentication string
Restore the default RADIUS
authentication/authorization packet encryption key.
undo key authentication
Set RADIUS accounting packet key key accounting string
Restore the default RADIUS accounting packet key undo key accounting