3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

241

242

243

244

245

246

247

248

249

250

Configuring RADIUS Protocol 249

The RADIUS Server does not belong to any VPN by default.

Setting the Port State of

the Local RADIUS Server

The local RADIUS server uses the switch itself as the RADIUS server, with port 1645

as authentication port and port 1646 as accounting port. The two ports are

enabled in the initial state, without any corresponding command lines to

enable/disable them. Considering the policy of maximum security, certain

measures are taken to control the ports to eliminate potential security troubles.

Perform the following configuration in system view.

By default, the local RADIUS server is enabled, and port 1645 and port 1646 are

enabled.

Setting the Maximum

Retry Times for RADIUS

Request Packets

Because RADIUS Protocol carries data through UDP packets, its communication

process is not reliable. If the RADIUS Server does not respond to the NAS within

the time specified by the response timeout timer, it is necessary for the NAS to

retry sending the RADIUS request packets to the RADIUS Server. If the number of

retry times exceeds maximum retry times while the RADIUS Server still does not

respond, the NAS will assume its communication with the current RADIUS Server

to have been cut off and will send request packets to another RADIUS Server.

Use the following commands to set the maximum retry times of sending RADIUS

request packets.

Perform the following configuration in RADIUS scheme view.

By default, the maximum retry times of sending RADIUS request packets is 3.

Setting RADIUS Server

Response Timeout Timer

If the NAS fails to receive the response from RADIUS server a certain period of time

after it sends a RADIUS request packet (authentication/authorization request or

accounting request), it should retransmit the RADIUS request packet to ensure the

RADIUS service for the user.

You can use the following command to set the response timeout timer of the

RADIUS server.

Restore the VPN attribute of RADIUS Server to the default value undo vpn-instance

Table 210 Configure the VPN of the RADIUS Server

Operation Command

Tab le 211 Set the port state of the local RADIUS server

Operation Command

Enable the port of the local RADIUS server local-server enable

Disable the port of the local RADIUS server undo local-server

Tab le 212 Set the maximum retry times of sending RADIUS request packets

Operation Command

Set the maximum retry times of sending RADIUS request packets retry retry-times

Restore the maximum retry times of sending RADIUS request packets to

the default value

undo retry