3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

Configuring the RADIUS Protocol 43

You can use the display radius command to view the server state in the RADIUS

scheme.

Setting Username

Format Acceptable to

RADIUS Server

As mentioned above, the supplicants are generally named in userid@isp-name

format. The part following "@" is the ISP domain name. 3Com Series Security

Gateways will put the users into different ISP domains according to the domain

names. However, some earlier RADIUS servers reject the username including ISP

domain name. In this case, you have to remove the domain name before sending

the username to the RADIUS server. The security gateway provides the following

command to specify whether the username to be sent to the RADIUS server carries

ISP domain name or not.

If a RADIUS scheme is configured not to allow usernames to include ISP domain

names, the RADIUS scheme shall not be simultaneously used in more than one ISP

domain. Otherwise, the RADIUS server will regard two users in different ISP

domains as the same user by mistake, if they have the same username (excluding

their respective domain names.)

By default, in system scheme, the NAS server sends user names without the ISP

domain name to the RADIUS server; in the newly added RADIUS scheme, the NAS

server sends user names with the ISP domain name to the RADIUS server.

Setting the Unit of Data

Flows Destined for

RADIUS Server

3Com Series Security Gateways provide you with the following command to

define the unit of the data flow sent to RADIUS servers.

In a RADIUS scheme, the default data unit is byte and the default data packet unit

is one packet.

Configuring Source

Address for RADIUS

Packets Sent by NAS

Perform the following configuration in the specified views.

Tab le 33 Set username format acceptable to RADIUS server

Operation Command

Set the username format transmitted to the

RADIUS server.

user-name-format { with-domain |

without-domain }

Tab le 34 Set the unit of data flows destined for RADIUS server

Operation Command

Set the unit of data flows

transmitted to RADIUS server.

data-flow-format data { byte | giga-byte | kilo-byte |

mega-byte } packet { giga-packet | kilo-packet | mega-

packet | one-packet }

Restore the default unit. undo data-flow-format

Tab le 35 Configure source address for the RADIUS packets sent by the NAS

Operation Command

Configure the source address to be carried in the RADIUS

packets sent by the NAS(RADIUS view).

nas-ip ip-address

Cancel the configured source address to be carried in the

RADIUS packets sent by the NAS(RADIUS view).

undo nas-ip

Configure the source address to be carried in the RADIUS

packets sent by the NAS(System view).

radius nas-ip ip-address