Table of Contents
Advertisement
1774
C
93: AAA/RADIUS/HWTACACS C
HAPTER
n
Setting Timers
Regarding RADIUS
Servers
ONFIGURATION
To do...
Enable the RADIUS trap
function
Create a RADIUS scheme and
enter RADIUS scheme view
Specify the format of the
username to be sent to a
RADIUS server
Specify the unit for data flows
or packets to be sent to a
RADIUS server
Set the source
In RADIUS
IP address of
scheme view
the device to
In system view quit
send RADIUS
packets
Some earlier RADIUS servers cannot recognize usernames that contain an ISP
■
domain name; therefore before sending a username including a domain name
to such a RADIUS server, the device must remove the domain name. This
command is thus provided for you to decide whether to include a domain
name in a username to be sent to a RADIUS server.
If a RADIUS scheme defines that the username is sent without the ISP domain
■
name, do not apply the RADIUS scheme to more than one ISP domain, thus
avoiding the confused situation where the RADIUS server regards two users in
different ISP domains but with the same userid as one.
The nas-ip command in RADIUS scheme view is only for the current RADIUS
■
scheme, while the radius nas-ip command in system view is for all RADIUS
schemes. However, the nas-ip command in RADIUS scheme view overwrites
the configuration of the radius nas-ip command.
There are three timers regarding RADIUS servers:
RADIUS server response timeout (response-timeout): If a NAS receives no
■
response from the RADIUS server in a period of time after sending a RADIUS
request (authentication/authorization or accounting request), it has to resend
the request so that the user has more opportunity to obtain the RADIUS
service. The NAS uses the RADIUS server response timeout timer to control the
transmission interval.
Primary server quiet timer (timer quiet): If the primary server is not reachable,
■
its state changes to blocked, and the device will communicate with the
secondary server with an IP address configured. If the secondary server is
reachable, the primary server will resume active after the period specified by
this timer, and the secondary server's state does not change.
Use the command...
radius trap
{ accounting-server-down |
authentication-server-dow
n }
radius scheme
radius-scheme-name
user-name-format
{ with-domain |
without-domain }
data-flow-format { data
{ byte | giga-byte |
kilo-byte | mega-byte } |
packet { giga-packet |
kilo-packet | mega-packet |
one-packet } }*
nas-ip ip-address
radius nas-ip ip-address
Remarks
Optional
Disabled by default
Required
By default, no RADIUS
scheme is created.
Optional
By default, the ISP domain
name is included in the
username.
Optional
The defaults are as follows:
byte for data flows, and
one-packet for data packets.
Use either command
By default, the outbound port
serves as the source IP
address to send RADIUS
packets
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
