3Com 10014298 Switch User Manual


 
Configuring the RADIUS Protocol 223
ones suggested. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting
port number is 1646.)
The RADIUS service port settings on the Switch 7750 need to be consistent with
the port settings on the RADIUS server. Normally, RADIUS accounting service port
is 1813 and the authentication/authorization service port is 1812.
By default, all the IP addresses of primary/second authentication/authorization and
accounting servers are 0.0.0.0, authentication/authorization service port is 1812
and accounting service UDP port is 1813.
Setting the RADIUS Packet Encryption Key
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt
the exchanged packets. The two ends verify the packet by setting the encryption
key. Only when the keys are identical can both ends accept the packets from each
other and give a response.
Perform the following configurations in RADIUS server group view.
Setting the Response Timeout Timer of RADIUS Server
RADIUS (authentication/authorization or accounting) request packet is transmitted
for a specific period of time. If NAS has not received the response from RADIUS
server, it has to retransmit the request to guarantee RADIUS service for the user.
Perform the following configurations in RADIUS server group view.
By default, timeout timer of RADIUS server is 3 seconds.
Setting Retransmission Times of the RADIUS Request Packet
Since RADIUS protocol uses UDP packets to carry the data, the communication
process is not reliable. If the RADIUS server has not responded to NAS before
timeout, NAS has to retransmit the RADIUS request packet. If it transmits the
packet for more than retry-time, and RADIUS server still has not given any
Table 237 Set RADIUS Packet Encryption Key
Operation Command
Set RADIUS authentication/authorization
packet encryption key
key authentication string
Restore the default RADIUS
authentication/authorization packet
encryption key.
undo key authentication
Set RADIUS accounting packet key key accounting string
Restore the default RADIUS accounting packet
key
undo key accounting
Table 238 Set Response Timeout Timer of RADIUS Server
Operation Command
Set response timeout timer of RADIUS server timer second
Restore the response timeout timer of RADIUS
server to default value
undo timer