Configuring Radius Accounting Servers And The Related Attributes - 3Com 5500-SI Configuration Manual
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
422
C
21: 802.1
HAPTER
Configuring RADIUS
Accounting Servers and
the Related Attributes
C
X
ONFIGURATION
The authorization information from the RADIUS server is sent to RADIUS clients in
authentication response packets, so you do not need to specify a separate
authorization server.
In real networking environments, you may specify two RADIUS servers as primary and
secondary authentication/authorization servers respectively, or specify one server to
function as both.
The RADIUS service port settings on the Switch 5500 should be consistent with the
port settings on the RADIUS server. Normally, the authentication/authorization service
port is 1812.
Configuring RADIUS Accounting Servers
You can use the following commands to configure the IP address and port number for
RADIUS accounting servers.
Perform the following configurations in RADIUS Scheme View.
Table 452 Configuring RADIUS Accounting Servers
Operation
Set IP address and port number of primary RADIUS
accounting server.
Restore IP address and port number of primary RADIUS
accounting server to the default values.
Set IP address and port number of second RADIUS
accounting server.
Restore IP address and port number of second RADIUS
accounting server to the default values.
By default, as for the newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
In real networking environments, you can specify two RADIUS servers as the primary
and the secondary accounting servers respectively; or specify one server to function as
both.
To guarantee the normal interaction between NAS and RADIUS server, you are
supposed to guarantee the normal routes between RADIUS server and NAS before
setting the IP address and UDP port of the RADIUS server. In addition, because
RADIUS protocol uses different UDP ports to receive/transmit
authentication/authorization and accounting packets, you need to set two different
ports accordingly. Suggested by RFC2138/2139, authentication/authorization port
number is 1812 and accounting port number is 1813. However, you may use values
other than the suggested ones. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting port
number is 1646.)
The RADIUS service port settings on the Switch 5500 units are supposed to be
consistent with the port settings on RADIUS server. Normally, RADIUS accounting
service port is 1813.
Command
primary accounting ip_address
[ port_number ]
undo primary accounting
secondary accounting
ip_address [ port_number ]
undo secondary accounting
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
