3Com 8807 Configuration Manual page 255

Configuring the Source
Address Used by NAS in
RADIUS Packets
Setting the Port State of
RADIUS Client
Configuring a Local
RADIUS Authentication
Server
Perform the following configuration in the corresponding view.
Table 226 Configuring the source address used by the NAS in RADIUS packets
Operation
Configure the source address used by the NAS
in RADIUS packets (RADIUS scheme view)
Cancel the configured source address used by
the NAS in RADIUS packets (RADIUS scheme
view)
Configure the source address used by the NAS
in RADIUS packets (System view)
Cancel the configured source address used by
the NAS in RADIUS packets (System view)
The effect of the two commands is the same. However, the configuration done in
RADIUS scheme view has a higher priority than the configuration done in system
view.
By default, no source address is specified, that is to say, the interface from which a
packet is sent is regarded as the source address of the packet.
According to RFC2138/2139 protocol, Radius service generally adopts port 1812
as authentication packet port and port 1813 as accounting packet port. However,
the source port of both authentication packets and accounting packets is port
1812 on 3Com Switch 8800 Family series switches. If such packets are sent, the
destination port of the response packets is port 1812. So RADIUS service can be
controlled on the switch by controlling the inbound UDP packets whose
destination port is 1812.
3Com series switches provide the following command to set the state of port
1812 of the RADIUS client.
Perform the following configuration in system view.
Table 227 Set the port state of RADIUS client
Operation
Enable the port 1812 of the RADIUS client
Disable the port 1812 of the RADIUS client
The port 1812 of the RADIUS client is disabled by default.
If the port 1812 is disabled, all the UDP packets whose destination port is port
1812 will be dropped, so the remote RADIUS service cannot be used.
3Com Switch 8800 Family series switches not only support the traditional RADIUS
client service mentioned above, that is, adopting authentication, authorization
and accounting servers to authenticate and administrate users, but also provides
simple local RADIUS server function (including authentication and authorization),
which is also known as local RADIUS authentication server function. A Switch
8800 Family switch supports up to 16 local RADIUS servers.
Perform the following configuration in system view.
Configuring RADIUS Protocol
Command
nas-ip ip-address
undo nas-ip
radius nas-ip ip-address [ vpn-instance
vpn-instance-name ]
undo radius nas-ip [ vpn-instance
vpn-instance-name ]
Command
radius client enable
undo radius client
255