Creating Server Groups - Nortel 2300 Series Configuration Manual
Wlan security switch
Hide thumbs
Also See for 2300 Series:
- Reference (622 pages) ,
- Configuration manual (39 pages) ,
- Solution manual (108 pages)
Table of Contents
Advertisement
484 Configuring Communication with RADIUS
Creating Server Groups
To create a server group, you must first configure the RADIUS servers with their addresses and any optional parameters.
After configuring RADIUS servers, type the following command:
set server group group-name members server-name1 [server-name2] [server-name3]
[server-name4]
For example, to create a server group called shorebirds with the RADIUS servers heron, egret, and sandpiper, type the
following commands:
23x0# set radius server egret address 192.168.253.1 key apple
23x0# set radius server heron address 192.168.253.2 key pear
23x0# set radius server sandpiper address 192.168.253.3 key plum
23x0# set server group shorebirds members egret heron sandpiper
In this example, a request to shorebirds results in the RADIUS servers being contacted in the order that they are listed in
the server group configuration, first egret, then heron, then sandpiper. You can change the RADIUS servers in server
groups at any time. (See
"Adding Members to a Server Group" on page
Note.
Any RADIUS servers that do not respond are marked dead (unavailable) for a
period of time. The unresponsive server is skipped over, as though it did not exist, during its
dead time. Once the dead time elapses, the server is again a candidate for receiving
requests. To change the default dead-time timer, use the set radius or set radius server
command.
Ordering Server Groups
You can configure up to four methods for authentication, authorization, and accounting (AAA). AAA methods can be
the local database on the WSS switch and/or one or more RADIUS server groups. You set the order in which the WSS
switch attempts the AAA methods by the order in which you enter the methods in CLI commands.
In most cases, if the first method results in a pass or fail, the evaluation is final. If the first method does not respond or
results in an error, the WSS switch tries the second method and so on.
However, if the local database is the first method in the list, followed by a RADIUS server group, the WSS switch
responds to a failed search of the database by sending a request to the following RADIUS server group. This exception is
called local override.
For more information, see
Configuring Load Balancing
You can configure the WSS switch to distribute authentication requests across RADIUS servers in a server group, which
is called load balancing. Distributing the authentication process across multiple RADIUS servers significantly reduces
the load on individual servers while increasing resiliency on a systemwide basis.
320657-A
"AAA Methods for IEEE 802.1X and Web Network Access" on page
485.)
412.
Advertisement
Table of Contents
