CHAPTER 9: AAA AND RADIUS OPERATION

Several ISP domains can use a RADIUS server group at the same time.

By default, the system has a RADIUS server group named system whose attributes are all default values. The default attribute values are introduced in the following section.

Setting the IP Address and Port Number of RADIUS Server

After creating a RADIUS server group, you set IP addresses and UDP port numbers for the RADIUS servers, including primary/secondary authentication/authorization servers and accounting servers. You can configure up to 4 groups of IP addresses and UDP port numbers. However, you have to set one group of IP addresses and UDP port numbers for each pair of primary/secondary servers to ensure normal AAA operation.

Perform the following configurations in RADIUS server group view.

Table 236 Set IP Address and Port Number of RADIUS Server

| Operation | Command |
|---|---|
| Set IP address and port number of primary RADIUS authentication/authorization server. | primary authentication ip-address [ port-number ] |
| Restore IP address and port number of primary RADIUS authentication/authorization server to the default values. | undo primary authentication |
| Set IP address and port number of primary RADIUS accounting server. | primary accounting ip-address [ port-number ] |
| Restore IP address and port number of primary RADIUS accounting server to the default values. | undo primary accounting |
| Set IP address and port number of secondary RADIUS authentication/authorization server. | secondary authentication ip-address [ port-number ] |
| Restore IP address and port number of secondary RADIUS authentication/authorization server to the default values. | undo secondary authentication |
| Set IP address and port number of secondary RADIUS accounting server. | secondary accounting ip-address [ port-number ] |
| Restore IP address and port number of secondary RADIUS accounting server to the default values. | undo secondary accounting |

In real networking environments, the above parameters should be set according to the specific requirements. For example, you may specify 4 groups of different data to map 4 RADIUS servers, or specify one of two servers as primary authentication/authorization server and secondary accounting server, and the other one as secondary authentication/authorization server and primary accounting server. You may also set 4 groups of exactly the same data so that every server serves as a primary and secondary AAA server.
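An added example (not from the 3Com manual): a small Python audit that parses the four commands of Table 236 and checks a server group against the port guidance this section cites from RFC 2138/2139. The IP addresses and both sample configurations are constructed, and reporting an unset role as a finding is an assumption of this example.

```python
import re

# Matches the four "set" commands from Table 236; the port is optional.
CMD = re.compile(r"^(primary|secondary)\s+(authentication|accounting)\s+"
                 r"(\d{1,3}(?:\.\d{1,3}){3})(?:\s+(\d+))?$")
SUGGESTED = {"authentication": 1812, "accounting": 1813}  # RFC 2138/2139

def parse(config):
    """Return {(role, service): (ip, port or None)} from group-view lines."""
    servers = {}
    for line in config.splitlines():
        m = CMD.match(line.strip())
        if m:
            role, service, ip, port = m.groups()
            servers[(role, service)] = (ip, int(port) if port else None)
    return servers

def audit(config):
    """List findings for one RADIUS server group (empty list means clean)."""
    servers, findings = parse(config), []
    for service in SUGGESTED:
        for role in ("primary", "secondary"):
            if (role, service) not in servers:  # assumption: all 4 roles expected
                findings.append(f"no {role} {service} server set")
    for (role, service), (ip, port) in servers.items():
        if port is None:
            findings.append(f"{role} {service}: port omitted, device default applies")
        elif port != SUGGESTED[service]:
            findings.append(f"{role} {service}: port {port} differs from "
                            f"suggested {SUGGESTED[service]}")
    # Authentication and accounting must not share one UDP port on one server.
    auth = {v for (r, s), v in servers.items() if s == "authentication" and v[1]}
    acct = {v for (r, s), v in servers.items() if s == "accounting" and v[1]}
    for ip, port in sorted(auth & acct):
        findings.append(f"{ip}: authentication and accounting share port {port}")
    return findings

# Constructed sample: two servers cross-mapped as described above.
CROSS_MAPPED = """
primary authentication 192.0.2.10 1812
secondary authentication 192.0.2.20 1812
primary accounting 192.0.2.20 1813
secondary accounting 192.0.2.10 1813
"""
# Constructed sample with mistakes: shared port, no secondary servers.
FAULTY = """
primary authentication 192.0.2.10 1812
primary accounting 192.0.2.10 1812
"""

if __name__ == "__main__":
    for name, cfg in (("cross-mapped", CROSS_MAPPED), ("faulty", FAULTY)):
        print(name, audit(cfg) or "OK")
```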

To guarantee normal interaction between the NAS and RADIUS servers, you must guarantee a default route between the RADIUS server and the NAS before setting the IP address and UDP port of the RADIUS server. Because the RADIUS protocol uses different UDP ports to receive/transmit authentication/authorization and accounting packets, you should set two different ports accordingly. As suggested by RFC 2138/2139, the authentication/authorization port number is 1812 and the accounting port number is 1813. However, you may use values other than the
