282 CHAPTER 9: AAA AND RADIUS OPERATION
Setting the RADIUS Packet Encryption Key
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt
the exchanged packets. The two ends verify the packet by setting the encryption
key. Only when the keys are identical can both ends accept the packets from each
other and give a response.
Perform the following configurations in RADIUS server group view.
Setting the Response Timeout Timer of RADIUS Server
RADIUS (authentication/authorization or accounting) request packet is transmitted
for a specific period of time. If NAS has not received the response from RADIUS
server, it has to retransmit the request to guarantee RADIUS service for the user.
Perform the following configurations in RADIUS server group view.
By default, timeout timer of RADIUS server is 3 seconds.
Setting Retransmission Times of the RADIUS Request Packet
Since RADIUS protocol uses UDP packets to carry the data, the communication
process is not reliable. If the RADIUS server has not responded to NAS before
timeout, NAS has to retransmit the RADIUS request packet. If it transmits the
packet for more than retry-time, and RADIUS server still has not given any
response, NAS considers the communication with the current RADIUS server
disconnected and will transmit the request packet to other RADIUS servers.
Perform the following configurations in RADIUS server group view.
Table 21 Set RADIUS Packet Encryption Key
Operation Command
Set RADIUS authentication/authorization
packet encryption key
key authentication string
Restore the default RADIUS
authentication/authorization packet
encryption key.
undo key authentication
Set RADIUS accounting packet key key accounting string
Restore the default RADIUS accounting packet
key
undo key accounting
Table 22 Set Response Timeout Timer of RADIUS Server
Operation Command
Set response timeout timer of RADIUS server timer second
Restore the response timeout timer of RADIUS
server to default value
undo timer
Table 23 Set Retransmission Times of RADIUS Request Packet
Operation Command
Set retransmission times of RADIUS request
packet
retry retry-time
Restore the default value of retransmission
times
undo retry