3Com 8807 Configuration Manual page 248
8800 series
Hide thumbs
Also See for 8807:
- Command reference manual (1099 pages) ,
- Installation manual (104 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
248
C
26: AAA
HAPTER
AND
n
Setting the RADIUS
Packet Encryption Key
Configuring VPN of
RADIUS Server
RADIUS/HWTACACS P
ROTOCOL
authentication/authorization and accounting packets, you shall set two different
ports accordingly. Suggested by RFC2138/2139, authentication/authorization port
number is 1812 and accounting port number is 1813. However, you may use
values other than the suggested ones. (Especially for some earlier
RADIUS/HWTACACS Servers, authentication/authorization port number is often
set to 1645 and accounting port number is 1646.)
The RADIUS/HWTACACS service port settings on 3Com Series Switches are
supposed to be consistent with the port settings on RADIUS server. Normally,
RADIUS accounting service port is 1813 and the authentication/authorization
service port is 1812.
For a Switch 8800 Family series routing switch, the default RADIUS scheme
authentication/authorization port is 1645, the accounting port is 1646. And port
1812 and 1813 are for other schemes.
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt
the exchanged packets. The two ends verify the packet through setting the
encryption key. Only when the keys are identical can both ends to accept the
packets from each other end and give response.
You can use the following commands to set the encryption key for RADIUS
packets.
Perform the following configuration in RADIUS scheme view.
Table 209 Set RADIUS packet encryption key
Operation
Set RADIUS authentication/authorization
packet encryption key
Restore the default RADIUS
authentication/authorization packet
encryption key
Set RADIUS accounting packet encryption key key accounting string
Restore the default RADIUS accounting packet
encryption key
By default, the encryption keys of RADIUS authentication/authorization and
accounting packets are all "3Com".
The default address of the RADIUS Server is the address of the public network. If
the RADIUS Server is built under a private network, you must specify the VPN to
which the RADIUS Server belongs when configuring the RADIUS Server.
Use the following commands to configure the VPN of the RADIUS Server.
Perform the following configuration in RADIUS scheme view.
Table 210 Configure the VPN of the RADIUS Server
Operation
Set the VPN that the RADIUS Server belongs to
C
ONFIGURATION
Command
key authentication string
undo key authentication
undo key accounting
Command
vpn-instance vpn-name
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
