3Com Switch 7750 Configuration Guide

CHAPTER 48: AAA & RADIUS & HWTACACS CONFIGURATION
CAUTION:
Access users are generally named in the userid@isp-name format, where the isp-name after the @ character is the ISP domain name, which the device uses to determine the ISP domain the user belongs to. However, some old RADIUS servers cannot accept user names that carry ISP domain names. In this case, the domain name must be removed from the user name before the user name is sent to the RADIUS server. For this reason, the user-name-format command lets you specify whether or not ISP domain names are carried in the user names sent to the RADIUS server.

For a RADIUS scheme, if you have specified that no ISP domain names are carried in the user names, do not use this RADIUS scheme in more than one ISP domain. Otherwise, the RADIUS server treats two different users that have the same name but belong to different ISP domains as the same user (because the user names sent to it are the same).

In the default RADIUS scheme "system", no ISP domain names are carried in the user names by default.
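The collision described in this caution can be checked for before a scheme is assigned to ISP domains. The following Python sketch is an added example, not part of the 3Com guide: the dict-based configuration model is hypothetical, the scheme names, ISP domain names and logins are constructed, and splitting the login at the last @ is an assumption.

```python
from collections import defaultdict

# Constructed sample data (hypothetical model, not switch syntax).
# scheme name -> True if ISP domain names are carried in user names sent to RADIUS
SCHEMES = {"shared": False, "dedicated": True}
# ISP domain name -> RADIUS scheme adopted by that domain
DOMAINS = {"isp-a": "shared", "isp-b": "shared", "isp-c": "dedicated"}
LOGINS = ["alice@isp-a", "alice@isp-b", "bob@isp-a", "alice@isp-c"]


def split_login(login):
    """Split userid@isp-name at the last '@' (assumption about the split point)."""
    userid, sep, isp = login.rpartition("@")
    if not sep or not userid or not isp:
        raise ValueError(f"not in userid@isp-name format: {login!r}")
    return userid, isp


def name_sent(login, carries_domain):
    """User name forwarded to the RADIUS server for this login."""
    return login if carries_domain else split_login(login)[0]


def risky_schemes(schemes, domains):
    """Schemes that strip the ISP domain yet are adopted by more than one domain."""
    adopters = defaultdict(set)
    for domain, scheme in domains.items():
        adopters[scheme].add(domain)
    return {s: sorted(d) for s, d in adopters.items()
            if not schemes[s] and len(d) > 1}


def collisions(logins, schemes, domains):
    """(scheme, sent name) -> distinct logins the server cannot tell apart."""
    seen = defaultdict(set)
    for login in logins:
        scheme = domains[split_login(login)[1]]
        seen[(scheme, name_sent(login, schemes[scheme]))].add(login)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    print("schemes to fix:", risky_schemes(SCHEMES, DOMAINS))
    print("colliding users:", collisions(LOGINS, SCHEMES, DOMAINS))
```

A non-empty result from risky_schemes means the scheme should either carry the ISP domain name or be limited to a single ISP domain.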
Configuring a Local RADIUS Authentication Server
CAUTION:
When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service must be 1646, and the IP addresses of the servers must be set to the addresses of the switch.

The packet encryption key set by the local-server command with the key password parameter must be identical to the authentication/authorization packet encryption key set by the key authentication command in RADIUS scheme view.

The switch supports up to 16 local RADIUS authentication servers (including the default local RADIUS authentication server).
Table 389 Configure the attributes for data to be sent to the RADIUS servers

| Operation | Command | Description |
|---|---|---|
| Set the source IP address used by the switch to send RADIUS packets | RADIUS scheme view: nas-ip ip-address; System view: radius nas-ip ip-address | Optional. By default, no source IP address is specified, and the IP address of the outbound interface is used as the source IP address. |

Table 390 Configure local RADIUS authentication server

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Create a local RADIUS authentication server | local-server nas-ip ip-address [ key password ] | Required. By default, a local RADIUS authentication server has already been created. Its NAS-IP is 127.0.0.1. |