Support User Manuals

3Com 10014299 Network Router User Manual

Open as PDF

of 762

544 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL

3 Configure RADIUS server

[Router] radius server 129.7.66.66 authentication-port 1000

accounting-port 1001

[Router] radius server 129.7.66.67

4 Configure RADIUS server shared secret, retransmission times, and time length of

timeout timer

[Router] radius shared-key this-is-my-secret

[Router] radius retry 2

5 Configure real-time accounting with interval of 5 minutes

[Router] radius timer realtime-accounting 5

Authenticating an FTP

Use

r

The authentication server is 129.7.66.66, numbers of ports being 1812 and 1813.

Authenticate and charge FTP users using RADIUS server first, and if there is no

response, do not authenticate or charge them.

See Figure 169.

1 Enable AAA and configure default authentication method list of FTP user.

[Router]aaa-enable

[Router]aaa authentication-scheme login default radius none

2 Enable FTP server

[Router]ftp-server enable

3 Configure user abc and authorize the user to use FTP service.

[Router] local-user abc service-type ftp password simple hello

4 Configure RADIUS server IP address and port, using default port number

[Router]radius server 129.7.66.66

5 Configure RADIUS server shared secret, retransmission times, timeout and RADIUS

server dead time.

[Router] rad shared-key this-is-my-secret

[Router] radius retry 4

[Router] radius timer response-timeout 2

[Router] radius timer quiet 1

Troubleshooting AAA

and RADIUS

Local user authentication is always rejected

Follow the steps below.

1 Check whether correct password has been configured in local-user command.

2 Check whether the authorized service-type is correct.

3 When RADIUS server accounting is used, and the command aaa

accounting-scheme optional

is not configured, check whether the RADIUS

server can be pinged through. Also check whether the address, port number and

key of RADIUS server configured on the router for accounting are identical with

those on the RADIUS server in use.

4 If the operation above does not work, use the radius server command to

reconfigure the RADIUS server. Because of the communication failure with the

RADIUS server mentioned. RADIUS server is considered by the system as

previous next