The radius-server shared-key command configures the shared key of a RADIUS server.
The undo radius-server shared-key command deletes the shared key of a RADIUS server.
By default, no global shared key is configured for the RADIUS server.
radius-server ip-address ip-address shared-key cipher key-string
undo radius-server ip-address ip-address shared-key
Parameter |
Description |
Value |
|---|---|---|
ip-address ip-address |
Specifies the IP address of the RADIUS server. |
The value is in dotted decimal notation. |
cipher key-string |
Specifies the shared key in cipher text. |
The value is a case-sensitive character string that cannot contain spaces, question marks (?), and single quotation marks ('), in simple text or cipher text. The length is as follows:
|
Usage Scenario
The shared key is used to encrypt the password and generate the response authenticator.
When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.
You can run the radius-server shared-key command in the RADIUS server template view to configure the shared keys. However, after this command is run, all RADIUS servers in the template use the same shared key. To configure different shared keys for RADIUS servers, run the radius-server shared-key command in the system view.
Precautions
To improve security, it is recommended that the shared key contains at least two types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 8 characters.
When the shared keys are configured in both the RADIUS server template and system view, the configuration in the system view takes effect.