3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

891

892

893

894

895

896

897

898

899

900

Configuring RADIUS 903

■ For the default scheme named "system", the username contains no domain

name.

■ The nas-ip command in RADIUS scheme view is only for the current RADIUS

scheme, while the radius nas-ip command in system view is for all RADIUS

schemes. However, the nas-ip command in RADIUS scheme view overwrites

the configuration of the radius nas-ip command.

Configuring Local

RADIUS Server

The device, as a RADIUS client, supports the traditional service: perform user

authentication using an authentication/authorization server and accounting server

respectively. Furthermore, it provides local simple RADIUS server functions

(including authentication, authorization and accounting).You can execute the

following commands to configure the parameters of the local RADIUS server.

Follow the steps below to configure the local RADIUS server.

■ When the local RADIUS authentication server function is used, the number of

the UDP port for authentication/authorization must be 1645, the number of

the UDP port for accounting must be 1646, and the IP address of the server is

that of the local server.

■ The shared key configured using this command must be consistent with that

for authentication/authorization or accounting packets configured using the

key { accounting | authentication } command in RADIUS scheme view.

■ The device supports a maximum of 16 local RADIUS servers including the

default local RADIUS authentication server.

Setting Timers

Regarding RADIUS

Servers

If a NAS receives no response from the RADIUS server in a period of time after

sending a RADIUS request (authentication/authorization or accounting request), it

has to resend the request so that the user has more opportunity to obtain the

RADIUS service. The NAS uses the RADIUS server response timeout timer to

control the transmission interval.

Follow these steps to set timers regarding RADIUS servers:

To do... Use the Command... Remarks

Enter system view system-view -

Configure local RADIUS

server

local-server nas-ip

ip-address key password

Required

By default, no parameters are

configured for the local RADIUS

server.

To do... Use the command... Remarks

Enter system view system-view -

Create a RADIUS scheme and

enter RADIUS scheme view

radius scheme

radius-scheme-name

Required

By default, a RADIUS scheme

named "system" has been

created in the system.

Set the RADIUS server

response timeout timer

timer response-timeout

seconds

Optional

3 seconds by default