Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

741

742

743

744

745

746

747

748

749

750

● The NAS VLT secondary chassis member processes the RADIUS dynamic authorization message authorizing non-PE Control

Bridge (CB) ports locally.

RPM failover scenario

This section describes how the NAS handles virtual IP failovers to the secondary RPM.

● The NAS Route Processor Module (RPM) processes the RADIUS dynamic authorization message only if the role of RPM is

active.

● The NAS standby RPM processes the retransmitted CoA or DM messages without requiring a chassis reboot if primary RPM

fails and standby becomes primary.

Stack failover scenario

This section describes the stack failover scenario.

● The NAS stacking module processes the RADIUS dynamic authorization messages only if the role of module is master.

● The NAS standby stacking module processes the retransmitted CoA or DM messages without requiring a chassis reboot, if

the master module fails and the standby module becomes the master.

Configuring replay protection

NAS enables you to configure the replay protection window period.

NAS drops the packets if duplicate packets are received within replay protection window period. The default value is 5 minutes.

Enter the following command to configure replay protection:

replay-prot-window minutes

NAS considers the new replay protection window value from next window period. The range is from 1 to 10 minutes. The default

is 5 minutes.

Dell(conf-dynamic-auth#)replay-prot-window 10

Rate-limiting RADIUS packets

NAS enables you to allow or reject RADIUS dynamic authorization packets based on the rate-limiting value that you specify.

NAS lets you to configure number of RADIUS dynamic authorization packets allowed per minute. The default value is 30 packets

per minute. NAS discards the packets, if the number of RADIUS dynamic authorization packets in the current interval cross the

configured rate-limit value.

Enter the following command to configure rate-limiting:

rate-limit number

NAS considers the rate limit change value from the next interval period. The range is from 10 to 60 packets per minute. The

default is 30 packets per minute.

Dell(conf-dynamic-auth#)rate-limit 50

Configuring time-out value

You can configure a time-out value for the back-end task to respond to CoA or DM requests.

This setting enables the DAS to determine the amount of time to wait before a back-end response is received. The default value

is 10 minutes.

Enter the following command to configure the time-out value:

da-rsp-timeout value

Dell(conf-dynamic-auth#)da-rsp-timeout 20

Security

741