3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

Configuring the RADIUS Protocol 43

You can use the display radius command to view the server state in the RADIUS

scheme.

Setting Username

Format Acceptable to

RADIUS Server

As mentioned above, the supplicants are generally named in userid@isp-name

format. The part following "@" is the ISP domain name. 3Com Series Security

Gateways will put the users into different ISP domains according to the domain

names. However, some earlier RADIUS servers reject the username including ISP

domain name. In this case, you have to remove the domain name before sending

the username to the RADIUS server. The security gateway provides the following

command to specify whether the username to be sent to the RADIUS server carries

ISP domain name or not.

If a RADIUS scheme is configured not to allow usernames to include ISP domain

names, the RADIUS scheme shall not be simultaneously used in more than one ISP

domain. Otherwise, the RADIUS server will regard two users in different ISP

domains as the same user by mistake, if they have the same username (excluding

their respective domain names.)

By default, in system scheme, the NAS server sends user names without the ISP

domain name to the RADIUS server; in the newly added RADIUS scheme, the NAS

server sends user names with the ISP domain name to the RADIUS server.

Setting the Unit of Data

Flows Destined for

RADIUS Server

3Com Series Security Gateways provide you with the following command to

define the unit of the data flow sent to RADIUS servers.

In a RADIUS scheme, the default data unit is byte and the default data packet unit

is one packet.

Tab le 32 Set RADIUS server state

Operation Command

Set the state of the primary RADIUS

authentication/authorization server.

state primary authentication { block | active }

Set the state of the primary RADIUS

accounting server.

state primary accounting { block | active }

Set the state of the secondary RADIUS

authentication/authorization server.

state secondary authentication { block | active }

Set the state of the secondary RADIUS

accounting server.

state secondary accounting { block | active }

Tab le 33 Set username format acceptable to RADIUS server

Operation Command

Set the username format transmitted to the

RADIUS server.

user-name-format { with-domain |

without-domain }

Tab le 34 Set the unit of data flows destined for RADIUS server

Operation Command

Set the unit of data flows

transmitted to RADIUS server.

data-flow-format data { byte | giga-byte | kilo-byte |

mega-byte } packet { giga-packet | kilo-packet | mega-

packet | one-packet }

Restore the default unit. undo data-flow-format