3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

241

242

243

244

245

246

247

248

249

250

246 CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION

■ “Setting the Username Format Transmitted to RADIUS Server”

■ “Setting the Unit of Data Flow that Transmitted to RADIUS Server”

■ “Configuring the Source Address Used by NAS in RADIUS Packets”

■ “Setting the Port State of RADIUS Client”

■ “Configuring a Local RADIUS Authentication Server”

Among the above tasks, creating RADIUS scheme and setting IP address of

RADIUS server are required, while other takes are optional and can be performed

as your requirements.

Creating/Deleting a

RADIUS scheme

As mentioned above, RADIUS protocol configurations are performed on the per

RADIUS scheme basis. Therefore, before performing other RADIUS protocol

configurations, it is compulsory to create the RADIUS scheme and enter its view.

You can use the following commands to create/delete a RADIUS scheme.

Perform the following configuration in system view.

Several ISP domains can use a RADIUS server group at the same time. You can

configure up to 16 RADIUS schemes, including the default server group named as

System.

By default, the system has a RADIUS scheme named "system" whose attributes

are all default values.

Setting IP Address and

Port Number of a

RADIUS Server

After creating a RADIUS scheme, you are supposed to set IP addresses and UDP

port numbers for the RADIUS servers, including primary/secondary

authentication/authorization servers and accounting servers. So you can configure

up to 4 groups of IP addresses and UDP port numbers. However, at least you have

to set one group of IP address and UDP port number for each pair of

primary/secondary servers to ensure the normal AAA operation.

You can use the following commands to configure the IP address and port number

for RADIUS schemes.

Perform the following configuration in RADIUS scheme view.

Tabl e 207 Create/Delete a RADIUS server group

Operation Command

Create a RADIUS server group and enter its

view

radius scheme radius-server-name

Delete a RADIUS server group undo radius scheme radius-server-name

Tabl e 208 Set IP Address and Port Number of RADIUS Server

Operation Command

Set IP address and port number of primary

RADIUS authentication/authorization server.

primary authentication ip-address [

port-number ]

Restore IP address and port number of

primary RADIUS authentication/authorization

or server to the default values.

undo primary authentication