< Home

radius-server session-manage

Function

The radius-server session-manage command enables session management on the RADIUS server.

The undo radius-server session-manage command disables session management on the RADIUS server.

By default, session management is disabled on the RADIUS server.

Format

radius-server session-manage { ip-address [ vpn-instance vpn-instance-name ] shared-key cipher share-key | any }

undo radius-server session-manage [ ip-address [ vpn-instance vpn-instance-name ] | all ]

Parameters

Parameter

Description

Value
ip-address

Specifies the IP address of the RADIUS session management server.

The value is in dotted decimal notation.
vpn-instance vpn-instance-name

Specifies the name of the VPN instance bound to the RADIUS session management server.

The value must be the name of an existing VPN instance.
shared-key cipher share-key

Specifies the shared key of the RADIUS session management server.

The value is a string of case-sensitive characters without spaces, and question marks. It can be in plain-text or cipher-text format. Length range:

  • Plain text: The length ranges from 1 to 128. The system converts the character string into cipher text before saving it to the configuration file.
  • Ciphertext: The length value can be only 48, 68, 88, 108, 128, 148, 168, or 188. If a user enters a shared key with 32, 56, 80, 104, or 128 characters and the system can decrypt the shared key, the system determines that the shared key is ciphertext. If the system cannot decrypt the shared key, the system determines that the shared key is simple text.
any

Indicates that no RADIUS session management server is specified.

-
all

Deletes all RADIUS session management servers.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To improve device security, run this command to enable session management on the RADIUS server. After this function is enabled, the device checks the source IP addresses and shared keys for the received session management packets. When the source IP addresses and shared keys match the configured values, the packets are processed; otherwise, the packets are discarded.

Precautions

  • When the any parameter is specified, there is a security risk. You are advised to configure the IP address and shared key for a specified RADIUS session management server.

Example

# Enable session management on the RADIUS server, and set the IP address and shared key of the RADIUS session management server to 10.1.1.1 and Huawei@2012 respectively.

<sysname> system-view
[sysname] radius-server session-manage 10.1.1.1 shared-key cipher Huawei@2012
Parent Topic: RADIUS Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >