3Com 3.01.01 Switch User Manual


 
Configuring the AAA and RADIUS Protocols 281
Perform the following configurations in RADIUS server group view.
In real networking environments, the above parameters should be set according to
the specific requirements. For example, you may specify 4 groups of different data
to map 4 RADIUS servers, or specify one of the two servers as primary
authentication/authorization server and second accounting server and the other
one as second authentication/authorization server and primary accounting server.
You may also set 4 groups of exactly the same data so that every server serves as a
primary and second AAA server.
To guarantee the normal interaction between NAS and RADIUS server, you are
supposed to guarantee the normal routes between RADIUS server and NAS before
setting IP address and UDP port of the RADIUS server. Because RADIUS protocol
uses different UDP ports to receive/transmit authentication/authorization and
accounting packets, you should set two different ports accordingly. Suggested by
RFC2138/2139, the authentication/authorization port number is 1812 and the
accounting port number is 1813. However, you may use values other than the
ones suggested. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting
port number is 1646.)
The RADIUS service port settings on the Switch 8800 need to be consistent with
the port settings on the RADIUS server. Normally, RADIUS accounting service port
is 1813 and the authentication/authorization service port is 1812.
By default, all the IP addresses of primary/second authentication/authorization and
accounting servers are 0.0.0.0, authentication/authorization service port is 1812
and accounting service UDP port is 1813.
Table 20 Set IP Address and Port Number of RADIUS Server
Operation Command
Set IP address and port number of primary
RADIUS authentication/authorization server.
primary authentication ip-address
[port-number]
Restore IP address and port number of primary
RADIUS authentication/authorization or server
to the default values.
undo primary authentication
Set IP address and port number of primary
RADIUS accounting server.
primary accounting ip-address
[port-number]
Restore IP address and port number of primary
RADIUS accounting server or server to the
default values.
undo primary accounting
Set IP address and port number of secondary
RADIUS authentication/authorization server.
secondary authentication ip-address
[port-number]
Restore IP address and port number of second
RADIUS authentication/authorization or server
to the default values.
undo secondary authentication
Set IP address and port number of second
RADIUS accounting server.
Secondary accounting ip-address
[port-number]
Restore IP address and port number of second
RADIUS accounting server or server to the
default values.
undo secondary accounting