radius-server shared-key (RADIUS server template view)
Function
The radius-server shared-key command configures the shared key of a RADIUS server.
The undo radius-server shared-key command deletes the shared key of a RADIUS server.
The versions earlier than V600R007C20SPC300 have a default shared key. You can obtain the default key from the Huawei Security Product Default Accounts and Passwords (Enterprise Network or Carrier). You need permission to obtain this document. For details about the permission to upgrade this document, see the online help.
The V600R007C20SPC300 and later versions do not have a default shared key.
When an upgrade from a version earlier than V600R007C20SPC300 to V600R007C20SPC300 or a later version, If the radius-server template command has been run in the source version but no shared key is configured in the source version, the default shared key is retained in the target version.
Parameters
Parameter |
Description |
Value |
|---|---|---|
cipher |
Indicates the shared key in cipher text. |
- |
key-string |
Specifies the shared key of a RADIUS server. |
The value is a case-sensitive character string that cannot contain spaces, question marks (?), and single quotation marks ('), in simple text or cipher text. The length is as follows:
|
Usage Guidelines
Usage Scenario
The shared key is used to encrypt the password and generate the response authenticator.
When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.
Precautions
For the versions earlier than V600R007C20SPC300, to improve security, change the default shared key immediately. It is recommended that the new shared key contains at least two types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 6 characters.