3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
By default, no service is authorized to users. The default user priority level is 0.
Note:
If the configured authentication method requires username and password
(including local, RADIUS, and HWTACACS authentication), your user priority
determines which level of commands you can access after logging onto the
system. If you adopt RSA authentication, your interface priority determines which
level of commands you can access. If the authentication method is none or only
requires password, your interface priority determines which level of commands
you can access.
Configuring the RADIUS Protocol
The RADIUS protocol is configured scheme by scheme. In a real networking
environment, a RADIUS scheme can comprise an independent RADIUS server or a
pair of primary and secondary RADIUS servers with the same configuration but
different IP addresses. Accordingly, attributes of every RADIUS scheme include IP
addresses of primary and secondary servers, shared key, and RADIUS server type.
The RADIUS protocol configuration only defines the parameters needed for the
exchange of information between a NAS and a RADIUS server. For these parameter
settings to take effect, you must also reference the RADIUS scheme containing
them in ISP domain view. For more information about the configuration commands,
refer to the section “Configuring AAA”.
RADIUS protocol configuration includes:
■ Create a RADIUS scheme
■ Configure RADIUS authentication/authorization servers
■ Configure RADIUS accounting servers and the related attributes
■ Configure the shared key for RADIUS packet encryption
■ Set the maximum number of RADIUS request attempts
■ Set the supported RADIUS server type
■ Set RADIUS server state
■ Set the username format acceptable to the RADIUS server
■ Set the unit of data flows destined for the RADIUS server
Table 22 Set/remove the attributes concerned with a specified user

Operation                                                                       Command
Authorize DVPN service to the user                                              service-type dvpn
Remove the DVPN service authorization                                           undo service-type dvpn
Set the directory that can be accessed if the user is an FTP user.              service-type ftp [ ftp-directory directory ]
Restore the default directory that can be accessed if the user is an FTP user.  undo service-type ftp [ ftp-directory ]
Set the attributes of callback number and call number of PPP users.             service-type ppp [ callback-nocheck | callback-number callback-number | call-number call-number [ subcall-number ] ]
Restore the default callback number and call number of PPP users.               undo service-type ppp [ callback-nocheck | callback-number | call-number ]