Setting The Status Of Radius Servers - 3Com 4500G Family Configuration Manual

24/48 port
Hide thumbs Also See for 4500G Family:
Table of Contents

Advertisement

If you change the type of RADIUS server, the data stream destined to the original RADIUS server
will be restored to the default unit.
When a third-party RADIUS is used, you can configure the RADIUS server to standard or
extended. When iMC server is used, you must configure the RADIUS server to extended.

Setting the Status of RADIUS Servers

By setting the status of RADIUS servers to block or active, you can control which servers the device
will communicate with for authentication, authorization, and accounting or turn to when the current
servers are not available any more. With both primary servers and secondary servers configured, the
device chooses servers based on these rules:
When the primary server and secondary server are both in active state, the device communicates
with the primary server. If the primary server fails, the device changes the status of the primary
server to block and turns to the secondary server. When the quiet timer times out, the device
resumes the status of the primary server to active while keeping the status of the secondary server
unchanged. In the case of authentication/authorization, the device resumes the communication
with the primary server; in the case of accounting, however, the device keeps communicating with
the secondary server if accounting has already started, no matter whether the primary server
recovers or not.
When the primary server and secondary server are both in block state, the device communicates
with the primary server. If the primary server is available, its status changes to active; otherwise,
the status of the primary server remains the same.
If one server is in active state while the other is in block state, the device only tries to communicate
with the server in active state, even if the server is unavailable.
By default, the device sets the status of each RADIUS server configured with an IP address to active.
You can manually change the status of a server as needed. For example, to use the secondary server
for authentication, you need to change the status of the primary server to block while leaving the
secondary server in active state.
Follow these steps to set the status of RADIUS servers:
To do...
Enter system view
Create a RADIUS scheme and
enter RADIUS scheme view
Set the status of the primary
RADIUS
authentication/authorization
server
Set the status of the primary
RADIUS accounting server
Set the status of the secondary
RADIUS
authentication/authorization
server
Use the command...
system-view
radius scheme
radius-scheme-name
state primary authentication
{ active | block }
state primary accounting
{ active | block }
state secondary
authentication { active |
block }
1-26
Remarks
Required
Not defined by default
Optional
active for every server
configured with IP address in
the RADIUS scheme

Hide quick links:

Advertisement

Chapters

Table of Contents
loading

Table of Contents