3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

38 CHAPTER 4: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
Configure the source address in the RADIUS packets sent by NAS
Set timers regarding RADIUS server
Configure the RADIUS server to send a trap packet
Among these tasks, creating a RADIUS scheme and configuring RADIUS
authentication/authorization servers are required, while other tasks are optional at
your discretion.
Creating a RADIUS Scheme
As mentioned earlier, the RADIUS protocol is configured scheme by scheme.
Therefore, before performing other RADIUS protocol configurations, you must
create a RADIUS scheme and enter its view.
You can use the following commands to create/delete a RADIUS scheme.
Perform the following configurations in system view.
A RADIUS scheme can be referenced by several ISP domains at the same time.
By default, the system has a RADIUS scheme named system whose attributes are
all default values.
CAUTION: FTP, terminal, and SSH are not standard attribute values of the RADIUS
protocol, so you need to define them in the attribute login-service (the standard
attribute 15):
login-service(50) = SSH
login-service(51) = FTP
login-service(52) = Terminal
After that, reboot the RADIUS server so that the new values take effect.
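
The following is an added example, not part of the original guide: a small decoder for checking that an Access-Accept from the RADIUS server carries the login-service values listed in the CAUTION above. The function names and the sample packet are constructed for illustration; the standard value names are taken from RFC 2865, and attribute 15 is encoded as a 4-byte integer.

```python
import struct

LOGIN_SERVICE = 15  # RADIUS attribute type for login-service (RFC 2865)

# Standard Login-Service values from RFC 2865.
STANDARD_VALUES = {0: "Telnet", 1: "Rlogin", 2: "TCP Clear", 3: "PortMaster",
                   4: "LAT", 5: "X25-PAD", 6: "X25-T3POS", 8: "TCP Clear Quiet"}
# Non-standard values the guide asks you to define on the RADIUS server.
SWITCH_VALUES = {50: "SSH", 51: "FTP", 52: "Terminal"}


def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after code, id, length and authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def login_services(packet: bytes):
    """Return the decoded login-service names carried in the packet."""
    names = []
    for attr_type, value in iter_attributes(packet):
        if attr_type != LOGIN_SERVICE:
            continue
        if len(value) != 4:
            raise ValueError("login-service must be a 4-byte integer")
        (number,) = struct.unpack("!I", value)
        name = SWITCH_VALUES.get(number) or STANDARD_VALUES.get(number)
        names.append(name or f"undefined({number})")
    return names


def build_accept(*service_numbers: int) -> bytes:
    """Constructed sample: Access-Accept (code 2) with a zeroed authenticator."""
    attrs = b"".join(struct.pack("!BBI", LOGIN_SERVICE, 6, n) for n in service_numbers)
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A result of `undefined(...)` for a user who should log in over SSH, FTP, or the terminal indicates that the server is not returning one of the three values defined above.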
Configuring RADIUS Authentication/Authorization Servers
You can use the following commands to configure IP address and port number of
RADIUS authentication/authorization servers.
Perform the following configuration in RADIUS view.
Table 23 Create/delete a RADIUS scheme

Operation                                     Command
Create a RADIUS scheme and enter its view.    radius scheme radius-scheme-name
Delete a RADIUS scheme.                       undo radius scheme radius-scheme-name

Table 24 Configure IP address and port number of RADIUS authentication/authorization servers

Operation                                      Command
Configure IP address and port number of the    primary authentication ip-address [ port-number ]
primary RADIUS authentication/authorization
server.