Configuring Radius Authentication/Authorization Servers; Configuring Ignorance Of Assigned Radius Authorization Attributes - 3Com 4210 9-Port Configuration Manual

Switch 4210 family

Configuring RADIUS Authentication/Authorization Servers

Table 2-12 Configure RADIUS authentication/authorization servers

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named "system" has already been created in the system. |
| Set the IP address and port number of the primary RADIUS authentication/authorization server | primary authentication { ip-address \| ipv6 ipv6-address } [ port-number ] [ key string ] | Required. By default, the IP address and UDP port number of the primary server are 0.0.0.0 and 1812 respectively for a newly created RADIUS scheme. |
| Set the IP address and port number of the secondary RADIUS authentication/authorization server | secondary authentication { ip-address \| ipv6 ipv6-address } [ port-number ] [ key string ] | Optional. By default, the IP address and UDP port number of the secondary server are 0.0.0.0 and 1812 respectively for a newly created RADIUS scheme. |

The authentication response sent from the RADIUS server to the RADIUS client carries authorization information. Therefore, you need not (and cannot) specify a separate RADIUS authorization server.

In an actual network environment, you can either specify one server as both the primary and secondary authentication/authorization server, or specify two RADIUS servers as the primary and secondary authentication/authorization servers respectively.

The IP address and port number of the primary authentication server used by the default RADIUS scheme "system" are 127.0.0.1 and 1645.

Configuring Ignorance of Assigned RADIUS Authorization Attributes

A RADIUS server can be configured to assign multiple authorization attributes, such as authorization VLAN and idle timeout. Some users may need these attributes while others may not. This conflict arises when the RADIUS server does not support per-user attribute assignment or manages all users uniformly.

The RADIUS authorization attribute ignoring function can solve this issue. It is configured per RADIUS scheme. Users using a RADIUS scheme with this function enabled can ignore certain unexpected attributes.

As shown in Figure 2-1, NAS 1 and NAS 2 are connected to the same RADIUS server for authentication. For easy management, the RADIUS server issues the same authorization attributes to all the users. However, users attached to NAS 1 need these attributes while users attached to NAS 2 do not want to
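An added example (not from the 3Com manual): a Python check over a saved configuration that applies the Table 2-12 defaults and flags RADIUS schemes whose primary server is still 0.0.0.0, that have no secondary server, or that list one server in both roles. The sample configuration, its indented layout, the scheme names, keys and addresses are constructed for illustration.

```python
import re

# Defaults for a newly created scheme, per the Remarks column of Table 2-12.
DEFAULT_SERVER = ("0.0.0.0", 1812)

# primary|secondary authentication { ip-address | ipv6 ipv6-address }
#   [ port-number ] [ key string ]
SERVER_RE = re.compile(
    r"^(primary|secondary) authentication (?:ipv6 )?(\S+)(?: (\d+))?(?: key \S+)?$")

# Constructed sample (assumed layout: scheme lines indented under "radius scheme").
SAMPLE = """\
radius scheme corp
 primary authentication 192.0.2.10 1812 key ExampleKey1
 secondary authentication 192.0.2.10 1812 key ExampleKey1
radius scheme lab
 secondary authentication ipv6 2001:db8::5
radius scheme branch
 primary authentication 192.0.2.20 key ExampleKey2
"""

def parse_schemes(text):
    """Map each scheme name to its effective primary/secondary (address, port)."""
    schemes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("radius scheme "):
            current = line.split()[2]
            schemes[current] = {"primary": DEFAULT_SERVER, "secondary": DEFAULT_SERVER}
        elif current and (m := SERVER_RE.match(line)):
            role, addr, port = m.groups()
            # Assumption: an omitted port-number means the default 1812.
            schemes[current][role] = (addr, int(port) if port else 1812)
        elif line and not raw.startswith(" "):
            current = None  # an unindented line ends the scheme block
    return schemes

def audit(schemes):
    """Return (scheme, finding) pairs for server settings worth reviewing."""
    findings = []
    for name, s in schemes.items():
        if s["primary"][0] == "0.0.0.0":
            findings.append((name, "primary server unset (default 0.0.0.0)"))
        if s["secondary"][0] == "0.0.0.0":
            findings.append((name, "no secondary server"))
        elif s["secondary"] == s["primary"]:
            findings.append((name, "primary and secondary are the same server"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_schemes(SAMPLE)):
        print(f"{name}: {finding}")
```

A scheme that lists one server in both roles is permitted by the manual, but it provides no failover if that server becomes unreachable.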
