Table of Contents
Advertisement
Configuring RADIUS
Authentication/
Authorization Servers
Configuring RADIUS
Accounting Servers and
the Related Attributes
Several ISP domains can use a RADIUS scheme at the same time. You can
configure up to 16 RADIUS schemes, including the default scheme named as
.
system
By default, the system has a RADIUS scheme named as
are all default values. The default attribute values will be introduced in the
following text.
After creating a RADIUS scheme, you have to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/secondary
authentication/authorization servers and accounting servers. You can configure up
to four groups of IP addresses and UDP port numbers. However, as a minimum,
you have to set one group of IP address and UDP port number for each pair of
primary/secondary servers to ensure the normal AAA operation.
You can use the following commands to configure the IP address and port
number for RADIUS servers.
Perform the following configurations in RADIUS Scheme View.
Table 214 Configuring RADIUS Authentication/Authorization Servers
Operation
Set IP address and port number of primary
RADIUS authentication/authorization server.
Restore IP address and port number of primary
RADIUS authentication/authorization server to
the default values.
Set IP address and port number of secondary
RADIUS authentication/authorization server.
Restore IP address and port number of second
RADIUS authentication/authorization server to
the default values.
By default, as for the newly created RADIUS scheme, the IP address of the primary
authentication server is 0.0.0.0, and the UDP port number of this server is 1812; as
for the "system" RADIUS scheme created by the system, the IP address of the
primary authentication server is 127.0.0.1, and the UDP port number is 1645.
The authorization information from the RADIUS server is sent to RADIUS clients in
authentication response packets, so you do not need to specify a separate
authorization server.
In real networking environments, you may specify two RADIUS servers as primary
and secondary authentication/authorization servers respectively, or specify one
server to function as both.
The RADIUS service port settings on the Switch 4500 should be consistent with
the port settings on the RADIUS server. Normally, the authentication/authorization
service port is 1812.
Configuring RADIUS Accounting Servers
You can use the following commands to configure the IP address and port
number for RADIUS accounting servers.
AAA and RADIUS Protocol Configuration
system
Command
primary authentication
ip_address [ port_number ]
undo primary authentication
secondary authentication
ip_address [ port_number ]
undo secondary authentication
201
whose attributes
Advertisement
Table of Contents
Troubleshooting
