Manualshelf

3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module
891892893894895896897898899900
898 CHAPTER 70: AAA, RADIUS AND HWTACACS CONFIGURATION
include IP addresses of primary and secondary servers, shared key, and RADIUS
server type.
Actually, the RADIUS protocol configurations only set the parameters necessary for
the information interaction between a NAS and a RADIUS server. For these
settings to take effect, you must reference the RADIUS scheme containing those
settings in ISP domain view. For information about the commands for referencing
a scheme, refer to
“Configuring AAA” on page 889.
Creating a RADIUS
Scheme
Before performing other RADIUS configurations, follow these steps to create a
RADIUS scheme and enter RADIUS scheme view:
n
A RADIUS scheme can be referenced by more than one ISP domain at the same
time.
Specifying the RADIUS
Authentication/Authoriz
ation Servers
Follow these steps to specify the RADIUS authentication/authorization servers:
n
In practice, you may specify two RADIUS servers as the primary and secondary
authentication/authorization servers respectively. At a moment, a server can be
the primary authentication/authorization server for a scheme and the
secondary authentication/authorization servers for another scheme.
The IP addresses of the primary and secondary authentication/authorization
servers for a scheme cannot be the same. Otherwise, the configuration fails.
In the default RADIUS scheme system, the IP address and the port number of
the primary authentication server are 127.0.0.1 and 1645 respectively.
To do... Use the command... Remarks
Enter system view system-view -
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
By default, the system has
created a RADIUS scheme
named "system".
To do... Use the command... Remarks
Enter system view system-view -
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
By default, the system has
created a RADIUS scheme
named "system".
Configure the IP address and
UDP port of the primary
RADIUS
authentication/authorization
server
primary authentication
ip-address [ port-number ]
Required
The defaults are as follows:
0.0.0.0 for the IP address, and
1812 for the port.
Configure the IP address and
UDP port of the secondary
RADIUS
authentication/authorization
server
secondary authentication
ip-address [ port-number ]
Optional
The defaults are as follows:
0.0.0.0 for the IP address, and
1812 for the port.