Configuring Global Radius Defaults - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual
8 port 10/100 wireless switch with power over ethernet
Hide thumbs
Also See for DWS-1008 - AirPremier MobileLAN Switch:
- Cli reference manual (531 pages) ,
- User manual (454 pages) ,
- Installation manual (17 pages)
Table of Contents
Advertisement
When MSS sends an authentication or authorization request to a RADIUS server, MSS waits for the
amount of the RADIUS timeout for the server to respond. If the server does not respond, MSS retransmits
the request. MSS sends the request up to the number of retransmits configured. (The retransmit setting
specifies the total number of attempts, including the first attempt.) For example, using the default values,
MSS sends a request to a server up to three times, waiting 5 seconds between requests.
If a server does not respond before the last request attempt times out, MSS holds down further requests
to the server, for the duration of the dead time. For example, if you set the dead time to 5 minutes,
MSS stops sending requests to the unresponsive server for 5 minutes before reattempting to use the
server.
During the holddown, it is as if the dead RADIUS server does not exist. MSS skips over any dead
RADIUS servers to the next live server, or on to the next method if no more live servers are available,
depending on your configuration.
For example, if a RADIUS server group is the primary authentication method and local is the secondary
method, MSS fails over to the local method if all RADIUS servers in the server group are unresponsive
and have entered the dead time.
For failover authentication or authorization to work promptly, D-Link recommends that you change the
dead time to a value other than 0. With the default setting, the dead time is never invoked and MSS does
not hold down requests to unresponsive RADIUS servers. Instead, MSS attempts to send each new
authentication or authorization request to a server even if the server is thought to be unresponsive. This
behavior can cause authentication or authorization failures on clients because MSS does not fail over
to the local method soon enough and the clients eventually time out.
Configuring Global RADIUS Defaults
You can change RADIUS values globally and set a global password (key) with the following command.
The key string is the shared secret that the switch uses to authenticate itself to the RADIUS server.
set radius {deadtime minutes | encrypted-key string | key string |
retransmit number | timeout seconds}
For example, the following commands set the dead-time timer to 10 minutes and set the password to
r8gney for all RADIUS servers in the switch configuration:
DWS-1008# set radius deadtime 10
success: change accepted.
DWS-1008# set radius key r8gney
success: change accepted.
To reset global RADIUS server settings to their factory defaults, use the following command:
clear radius {deadtime | key | retransmit | timeout}
For example, the following command resets the dead-time timer to 0 minutes on all RADIUS servers in
the switch configuration:
DWS-1008# clear radius deadtime
success: change accepted.
D-Link DWS-1008 User Manual
0
Advertisement
Table of Contents
