3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8108fl Redundant Switch Fabric Module

241

242

243

244

245

246

247

248

249

250

248 CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION

authentication/authorization and accounting packets, you shall set two different

ports accordingly. Suggested by RFC2138/2139, authentication/authorization port

number is 1812 and accounting port number is 1813. However, you may use

values other than the suggested ones. (Especially for some earlier

RADIUS/HWTACACS Servers, authentication/authorization port number is often

set to 1645 and accounting port number is 1646.)

The RADIUS/HWTACACS service port settings on 3Com Series Switches are

supposed to be consistent with the port settings on RADIUS server. Normally,

RADIUS accounting service port is 1813 and the authentication/authorization

service port is 1812.

For a Switch 8800 Family series routing switch, the default RADIUS scheme

authentication/authorization port is 1645, the accounting port is 1646. And port

1812 and 1813 are for other schemes.

Setting the RADIUS

Packet Encryption Key

RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt

the exchanged packets. The two ends verify the packet through setting the

encryption key. Only when the keys are identical can both ends to accept the

packets from each other end and give response.

You can use the following commands to set the encryption key for RADIUS

packets.

Perform the following configuration in RADIUS scheme view.

By default, the encryption keys of RADIUS authentication/authorization and

accounting packets are all "3Com".

Configuring VPN of

RADIUS Server

The default address of the RADIUS Server is the address of the public network. If

the RADIUS Server is built under a private network, you must specify the VPN to

which the RADIUS Server belongs when configuring the RADIUS Server.

Use the following commands to configure the VPN of the RADIUS Server.

Perform the following configuration in RADIUS scheme view.

Tabl e 209 Set RADIUS packet encryption key

Operation Command

Set RADIUS authentication/authorization

packet encryption key

key authentication string

Restore the default RADIUS

authentication/authorization packet

encryption key

undo key authentication

Set RADIUS accounting packet encryption key key accounting string

Restore the default RADIUS accounting packet

encryption key

undo key accounting

Tabl e 210 Configure the VPN of the RADIUS Server

Operation Command

Set the VPN that the RADIUS Server belongs to vpn-instance vpn-name