
radius-server testuser

Function

The radius-server testuser command enables the automatic detection function and configures an automatic detection account.

The undo radius-server testuser command restores the default settings.

By default, the automatic detection function is disabled.

Format

radius-server testuser username user-name password cipher password

undo radius-server testuser

Parameters

Parameter: username user-name
  Description: Specifies a user name used for automatic detection.
  Value: The value is a string of 1 to 253 case-sensitive characters. If the user name contains spaces, you must enclose the name with double quotation marks ("), for example, "user for test".

Parameter: password cipher password
  Description: Specifies the user password for automatic detection.
  Value: The value is a case-sensitive character string that cannot contain spaces, in simple text or cipher text. The length is as follows:
    • Simple text: 1 to 128. The system encrypts the entered character string and saves it in the configuration file.
    • Ciphertext: The length value can be only 48, 68, 88, 108, 128, 148, 168, or 188. If a user enters a shared key with 32, 56, 80, 104, or 128 characters and the system can decrypt the shared key, the system determines that the shared key is ciphertext. If the system cannot decrypt the shared key, the system determines that the shared key is simple text.

Views

RADIUS server template view

Default Level

3: Management level

Usage Guidelines

After the RADIUS server status is set to Down, you can configure the automatic detection function to test the RADIUS server reachability.

For automatic status detection, only the automatic detection user name and password need to be configured in the RADIUS server template on the device; the automatic detection account does not need to be configured on the RADIUS server. Authentication success is not mandatory. If the device receives an authentication failure response packet, the RADIUS server is working properly.
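The reachability rule above (a reply to the detection request, including an authentication failure, means the server is working) as an added Python example; it is not Huawei code and does not describe the device's implementation. It uses the RFC 2865 packet layout; checking the Response Authenticator, the helper names, the shared secret and the sample reply are assumptions constructed for this example.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5-chained XOR)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_probe(ident, user, password, secret, req_auth=None):
    """Access-Request carrying only User-Name (1) and User-Password (2)."""
    if req_auth is None:
        req_auth = os.urandom(16)  # Request Authenticator must be unpredictable
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + req_auth + attrs, req_auth

def server_alive(reply, ident, req_auth, secret):
    """True for an authentic reply to our probe; an Access-Reject counts as alive."""
    if reply is None or len(reply) < 20:
        return False  # timeout or truncated datagram: server stays Down
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply) or code not in (
            ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        return False
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def make_reply(code, ident, req_auth, secret, attrs=b""):
    """Constructed reply that stands in for a real server in this offline demo."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed value, not from the page
    pkt, ra = build_probe(7, b"test", b"YsHsjx_202206", secret)
    print("reject  ->", server_alive(make_reply(ACCESS_REJECT, 7, ra, secret), 7, ra, secret))
    print("timeout ->", server_alive(None, 7, ra, secret))
    print("forged  ->", server_alive(make_reply(ACCESS_REJECT, 7, ra, b"other"), 7, ra, secret))
```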

In a scenario where user accounts are stored on a third-party server, for example, an AD or LDAP server, you are advised to configure automatic detection accounts on the local RADIUS server; otherwise, server performance deteriorates because the local RADIUS server needs to query accounts through the third-party server.

After the automatic detection function is enabled, detection behavior depends on the RADIUS server status, as follows.

Server Status: Down
  Whether Automatic Detection Is Supported: Automatic detection is supported by default.
  Time When an Automatic Detection Packet Is Sent: An automatic detection packet is sent after the automatic detection period expires.
  Condition for Switching the Server Status: If the device receives a response packet from the RADIUS server within the timeout period for detection packets, the device marks the RADIUS server status as Up; otherwise, the RADIUS server status remains Down.

Server Status: Up
  Whether Automatic Detection Is Supported: Automatic detection can be enabled using the radius-server detect-server up-server interval command.
  Time When an Automatic Detection Packet Is Sent: An automatic detection packet is sent after the automatic detection period expires.
  Condition for Switching the Server Status: If the conditions for marking the RADIUS server status as Down are met, the device marks the RADIUS server status as Down; otherwise, the RADIUS server status remains Up.

Server Status: Force-up
  Whether Automatic Detection Is Supported: Automatic detection is supported by default.
  Time When an Automatic Detection Packet Is Sent: An automatic detection packet is sent immediately.
  Condition for Switching the Server Status: If the device receives a packet from the RADIUS server within the timeout period, the device marks the RADIUS server status as Up; otherwise, the device marks the RADIUS server status as Down.

On a large-scale network, enabling automatic detection for RADIUS servers in Up status is not recommended. If automatic detection is enabled on multiple NAS devices, the RADIUS server periodically receives a large number of detection packets while it is processing RADIUS Access-Request packets from users, which may degrade the processing performance of the RADIUS server.

You can run the radius-server detect-server timeout command to configure the timeout period for detection packets.

Example

# Configure an automatic detection account with the user name test and password YsHsjx_202206 in RADIUS server template acs.

<sysname> system-view
[sysname] radius-server template acs
[sysname-radius-acs] radius-server testuser username test password cipher YsHsjx_202206
Copyright © Huawei Technologies Co., Ltd.