3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

891

892

893

894

895

896

897

898

899

900

900 CHAPTER 70: AAA, RADIUS AND HWTACACS CONFIGURATION

Setting the Shared Key

for RADIUS Packets

The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets

exchanged between them and a shared key to verify the packets. Only when the

same key is used can they properly receive the packets and make responses.

Follow these steps to set the shared key for RADIUS packets:

CAUTION: The shared key configured on the device must be the same as that

configured on the RADIUS server.

Setting the Maximum

Number of RADIUS

Request Retransmission

Attempts

Since RADIUS uses UDP packets to carry data, the communication process is not

reliable. If a NAS receives no response from the RADIUS server before the response

timeout timer expires, it is required to retransmit the RADIUS request. If the

number of transmission attempts exceeds the specified limit but it still receives no

response, it considers the authentication a failure.

Follow these steps to set the maximum number of RADIUS request retransmission

attempts:

■ The maximum number of retransmission attempts of RADIUS packets

multiplied by the RADIUS server response timeout period cannot be greater

than 75.

■ Refer to the timer response-timeout command in the Switch 8800

Command Reference Guide for configuring RADIUS server response timeout

period.

Setting the Supported

RADIUS Server Type

Follow these steps to set the supported RADIUS server type:

To do... Use the command... Remarks

Enter system view system-view -

Create a RADIUS scheme and

enter RADIUS scheme view

radius scheme

radius-scheme-name

Required

By default, a RADIUS scheme

named "system" has been

created in the system.

Set the shared key for RADIUS

authentication/authorization

or accounting packets

key { accounting |

authentication } string

Required

No key by default

To do... Use the command... Remarks

Enter system view system-view -

Create a RADIUS scheme and

enter RADIUS scheme view

radius scheme

radius-scheme-name

Required

By default, a RADIUS scheme

named "system" has been

created in the system.

Set the number of

retransmission attempts of

RADIUS packets

retry retry-times Optional

3 by default

To do... Use the command... Remarks

Enter system view system-view -