3Com Switch 4800G 24-Port Configuration Manual page 767

Setting the Shared Key
for RADIUS Packets
n
Setting the Maximum
Number of RADIUS
Request Retransmission
Attempts
authentication/authorization and accounting packets, the port for
authentication/authorization must be different from that for accounting.
You can set the maximum number of stop-accounting request transmission
■
buffer, allowing the device to buffer and resend a stop-accounting request
until it receives a response or the number of transmission retries reaches the
configured limit. In the latter case, the device discards the packet.
You can set the maximum number of accounting request transmission
■
attempts on the device, allowing the device to disconnect a user when the
number of accounting request transmission attempts for the user reaches the
limit but it still receives no response to the accounting request.
The IP addresses of the primary and secondary accounting servers cannot be
■
the same. Otherwise, the configuration fails.
Currently, RADIUS does not support keeping accounts on FTP users.
■
The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets
exchanged between them and a shared key to verify the packets. Only when the
same key is used can they properly receive the packets and make responses.
Follow these steps to set the shared key for RADIUS packets:
To do...
Enter system view
Create a RADIUS scheme and
enter RADIUS scheme view
Set the shared key for RADIUS
authentication/authorization
or accounting packets
The shared key configured on the device must be the same as that configured on
the RADIUS server.
Because RADIUS uses UDP packets to carry data, the communication process is not
reliable. If a NAS receives no response from the RADIUS server before the response
timeout timer expires, it is required to retransmit the RADIUS request. If the
number of transmission attempts exceeds the specified limit but it still receives no
response, it considers the authentication a failure.
Follow these steps to set the maximum number of RADIUS request retransmission
attempts:
To do...
Enter system view
Create a RADIUS scheme and
enter RADIUS scheme view
Set the number of
retransmission attempts of
RADIUS packets
Use the command...
system-view
radius scheme
radius-scheme-name
key { accounting |
authentication } string
Use the command...
system-view
radius scheme
radius-scheme-name
retry retry-times
Configuring RADIUS 767
Remarks
-
Required
Not defined by default
Required
No key by default
Remarks
-
Required
Not defined by default
Optional
3 by default