3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8108fl Redundant Switch Fabric Module

251

252

253

254

255

256

257

258

259

260

Configuring RADIUS Protocol 255

Configuring the Source

Address Used by NAS in

RADIUS Packets

Perform the following configuration in the corresponding view.

The effect of the two commands is the same. However, the configuration done in

RADIUS scheme view has a higher priority than the configuration done in system

view.

By default, no source address is specified, that is to say, the interface from which a

packet is sent is regarded as the source address of the packet.

Setting the Port State of

RADIUS Client

According to RFC2138/2139 protocol, Radius service generally adopts port 1812

as authentication packet port and port 1813 as accounting packet port. However,

the source port of both authentication packets and accounting packets is port

1812 on 3Com Switch 8800 Family series switches. If such packets are sent, the

destination port of the response packets is port 1812. So RADIUS service can be

controlled on the switch by controlling the inbound UDP packets whose

destination port is 1812.

3Com series switches provide the following command to set the state of port

1812 of the RADIUS client.

Perform the following configuration in system view.

The port 1812 of the RADIUS client is disabled by default.

If the port 1812 is disabled, all the UDP packets whose destination port is port

1812 will be dropped, so the remote RADIUS service cannot be used.

Configuring a Local

RADIUS Authentication

Server

3Com Switch 8800 Family series switches not only support the traditional RADIUS

client service mentioned above, that is, adopting authentication, authorization

and accounting servers to authenticate and administrate users, but also provides

simple local RADIUS server function (including authentication and authorization),

which is also known as local RADIUS authentication server function. A Switch

8800 Family switch supports up to 16 local RADIUS servers.

Perform the following configuration in system view.

Tab le 226 Configuring the source address used by the NAS in RADIUS packets

Operation Command

Configure the source address used by the NAS

in RADIUS packets (RADIUS scheme view)

nas-ip ip-address

Cancel the configured source address used by

the NAS in RADIUS packets (RADIUS scheme

view)

undo nas-ip

Configure the source address used by the NAS

in RADIUS packets (System view)

radius nas-ip ip-address [ vpn-instance

vpn-instance-name ]

Cancel the configured source address used by

the NAS in RADIUS packets (System view)

undo radius nas-ip [ vpn-instance

vpn-instance-name ]

Tab le 227 Set the port state of RADIUS client

Operation Command

Enable the port 1812 of the RADIUS client radius client enable

Disable the port 1812 of the RADIUS client undo radius client