3Com 7757 Configuration Manual page 530

3com switch 7750 family

530 CHAPTER 49: AAA & RADIUS & HWTACACS CONFIGURATION

reason, the user-name-format command is designed for you to specify whether or not ISP domain names are carried in the user names sent to the RADIUS server.

For a RADIUS scheme, if you have specified that no ISP domain names are carried in the user names, you should not adopt this RADIUS scheme in more than one ISP domain. Otherwise, errors such as the following may occur: the RADIUS server regards two different users who have the same name but belong to different ISP domains as the same user (because the user names sent to it are the same).

In the default RADIUS scheme "system", no ISP domain names are carried in the user names by default.

Configuring a Local RADIUS Authentication Server

Table 415 Configure local RADIUS authentication server

Operation                                    Command                                          Description
Enter system view                            system-view                                      -
Create a local RADIUS authentication server  local-server nas-ip ip-address [ key password ]  Required. By default, a local RADIUS authentication server has already been created. Its NAS-IP is 127.0.0.1.

CAUTION:

- When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service must be 1646, and the IP addresses of the servers must be set to the addresses of the switch.
- The packet encryption key set by the local-server command with the key password parameter must be identical to the authentication/authorization packet encryption key set by the key authentication command in RADIUS scheme view.
- The switch supports up to 16 local RADIUS authentication servers (including the default local RADIUS authentication server).

Configuring the Timers of RADIUS Servers

If the switch gets no response from the RADIUS server after sending out a RADIUS request (authentication/authorization request or accounting request) and waiting for a period of time, it should retransmit the packet to ensure that the user can obtain the RADIUS service. This wait time is called the response timeout time of RADIUS servers, and the timer in the switch system that controls this wait time is called the response timeout timer of RADIUS servers.

For the primary and secondary servers (authentication/authorization servers, or accounting servers) in a RADIUS scheme:

When the switch fails to communicate with the primary server due to some server trouble, the switch will actively exchange packets with the secondary server.

Once the primary server has remained in the block state longer than the time set with the timer quiet command, the switch will try to communicate with the primary server again when it has a RADIUS request. If the primary server recovers, the switch immediately restores the communication with the primary server
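One way to check a configuration against the CAUTION items for the local RADIUS authentication server, as an added example (not code from the 3Com manual). The sample config is constructed; the `radius scheme` and `primary authentication` / `primary accounting` lines are assumed Comware-style syntax that this page does not show, and comparing a scheme's key against any `local-server` key is a simplification.

```python
# Constructed sample config (added example). "radius scheme" and "primary ..." use
# assumed Comware-style syntax not shown on this page; keys are placeholders.
SAMPLE = """\
local-server nas-ip 127.0.0.1 key Example-Key-1
radius scheme good
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 key authentication Example-Key-1
radius scheme bad
 primary authentication 127.0.0.1 1812
 primary accounting 127.0.0.1 1646
 key authentication Other-Key
radius scheme external
 primary authentication 192.0.2.10 1812
"""
REQUIRED_PORT = {"authentication": 1645, "accounting": 1646}  # ports from the CAUTION

def parse(config):
    """Collect local-server keys and, per scheme, its primary servers and auth key."""
    local_keys, schemes, cur = set(), {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["local-server", "nas-ip"] and w[3:4] == ["key"] and len(w) > 4:
            local_keys.add(w[4])
        elif w[:2] == ["radius", "scheme"] and len(w) > 2:
            cur = schemes.setdefault(w[2], {"servers": {}, "key": None})
        elif cur is not None and w[:1] == ["primary"] and len(w) > 2:
            cur["servers"][w[1]] = (w[2], int(w[3]) if len(w) > 3 else None)
        elif cur is not None and w[:2] == ["key", "authentication"] and len(w) > 2:
            cur["key"] = w[2]
    return local_keys, schemes

def audit(config, switch_ips=("127.0.0.1",)):
    """Return sorted (scheme, problem) pairs for schemes that point at the switch."""
    local_keys, schemes = parse(config)
    findings = []
    for name, s in schemes.items():
        if not any(ip in switch_ips for ip, _ in s["servers"].values()):
            continue  # external servers only: the local-server rules do not apply
        for service, want in REQUIRED_PORT.items():
            ip, port = s["servers"].get(service, (None, None))
            if ip not in switch_ips:
                findings.append((name, f"{service} server is not a switch address"))
            elif port != want:  # an omitted port is also reported
                findings.append((name, f"{service} port must be {want}"))
        if s["key"] not in local_keys:
            findings.append((name, "key authentication differs from local-server key"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass the switch's own interface addresses in `switch_ips` when the scheme points at an address other than 127.0.0.1.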


This manual is also suitable for:

7750, 7758, 7754
