Support User Manuals

3Com 10014298 Switch User Manual

Open as PDF

of 294

Configuring the RADIUS Protocol 223

ones suggested. (Especially for some earlier RADIUS Servers,

authentication/authorization port number is often set to 1645 and accounting

port number is 1646.)

The RADIUS service port settings on the Switch 7750 need to be consistent with

the port settings on the RADIUS server. Normally, RADIUS accounting service port

is 1813 and the authentication/authorization service port is 1812.

By default, all the IP addresses of primary/second authentication/authorization and

accounting servers are 0.0.0.0, authentication/authorization service port is 1812

and accounting service UDP port is 1813.

Setting the RADIUS Packet Encryption Key

RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt

the exchanged packets. The two ends verify the packet by setting the encryption

key. Only when the keys are identical can both ends accept the packets from each

other and give a response.

Perform the following configurations in RADIUS server group view.

Setting the Response Timeout Timer of RADIUS Server

RADIUS (authentication/authorization or accounting) request packet is transmitted

for a specific period of time. If NAS has not received the response from RADIUS

server, it has to retransmit the request to guarantee RADIUS service for the user.

Perform the following configurations in RADIUS server group view.

By default, timeout timer of RADIUS server is 3 seconds.

Setting Retransmission Times of the RADIUS Request Packet

Since RADIUS protocol uses UDP packets to carry the data, the communication

process is not reliable. If the RADIUS server has not responded to NAS before

timeout, NAS has to retransmit the RADIUS request packet. If it transmits the

packet for more than retry-time, and RADIUS server still has not given any

Table 237 Set RADIUS Packet Encryption Key

Operation Command

Set RADIUS authentication/authorization

packet encryption key

key authentication string

Restore the default RADIUS

authentication/authorization packet

encryption key.

undo key authentication

Set RADIUS accounting packet key key accounting string

Restore the default RADIUS accounting packet

key

undo key accounting

Table 238 Set Response Timeout Timer of RADIUS Server

Operation Command

Set response timeout timer of RADIUS server timer second

Restore the response timeout timer of RADIUS

server to default value

undo timer

previous next