Open as PDF
Before You Begin 521
Before You Begin To ensure that you can contact the RADIUS servers you plan to use for
authentication, send the ping command to each one to verify connectivity.
You can then set up communication between the WX switch and each
RADIUS server group.
An authentication server authenticates each client with access to a switch
port before making available any services offered by the switch or the
wireless network. The authentication server can reside either in the local
database on the WX switch or on a remote RADIUS server.
When a RADIUS server is used for authentication, you must configure
RADIUS server parameters. For each RADIUS server, you must, at a
minimum, set the server name, the password (key), and the IP address.
You can include any or all of the other optional parameters. You can set
some parameters globally for the RADIUS servers.
For RADIUS servers that do not explicitly set their own dead time and
timeout timers and transmission attempts, MSS sets the following values
Dead time — 0 (zero) minutes (The WX switch does not designate
unresponsive RADIUS servers as unavailable.)
Transmission attempts — 3
Timeout (WX wait for a server response) — 5 seconds
When MSS sends an authentication or authorization request to a RADIUS
server, MSS waits for the amount of the RADIUS timeout for the server to
respond. If the server does not respond, MSS retransmits the request.
MSS sends the request up to the number of retransmits configured. (The
retransmit setting specifies the total number of attempts, including the
first attempt.) For example, using the default values, MSS sends a request
to a server up to three times, waiting 5 seconds between requests.
If a server does not respond before the last request attempt times out,
MSS holds down further requests to the server, for the duration of the
dead time. For example, if you set the dead time to 5 minutes, MSS stops
sending requests to the unresponsive server for 5 minutes before
reattempting to use the server.