228CHAPTER 9: AAA AND RADIUS OPERATION

By default, the default data unit is a byte and the default data packet unit is one packet.

Configuring a Local RADIUS Server Group

RADIUS service adopts authentication/authorization/accounting servers to manage users. Local authentication/authorization/accounting service is also used in these products and it is called local RADIUS function.

Perform the following commands in system view to create/delete local RADIUS server group.

Table 250 Create/Delete a Local RADIUS Server Group

Operation

Command

 

 

Create a local RADIUS server group and enter

local-radius nas-ip ip-addresskey

its view

password

Delete a local RADIUS server group

undo local-radius nas-ip

 

ip-address

 

 

By default, the IP address of local RADIUS server group is 127.0.0.1 and the password is 3com.

When using the local RADIUS server function of the Switch 7750, remember the number of the UDP port used for authentication is 1812 and the number for accounting is 1813.

Configuring Source Address for RADIUS Packets Sent by NAS

Perform the following configurations in the corresponding view.

Table 251 Configuring source address for the RADIUS packets sent by the NAS

Operation

Command

 

 

Configure the source address to be carried in

nas-ipip-address

the RADIUS packets sent by the NAS (RADIUS

 

scheme view).

 

Cancel the configured source address to be

undo nas-ip

carried in the RADIUS packets sent by the NAS

 

(RADIUS scheme view).

 

Configure the source address to be carried in

radius nas-ip ip-address

the RADIUS packets sent by the NAS (System

 

view).

 

Cancel the configured source address to be

undo radius nas-ip

carried in the RADIUS packets sent by the NAS

 

(System view).

 

 

 

You can use either command to bind a source address with the NAS.

By default, no source address is specified and the source address of a packet is the address of the interface where it is sent.

Setting the Timers of the RADIUS Server

I. Setting the Response Timeout Timer of the RADIUS Server

After RADIUS (authentication/authorization or accounting) request packet has been transmitted for a period of time, if NAS has not received the response from

Page 228
Image 228
3Com 10014298 manual Configuring a Local Radius Server Group, Configuring Source Address for Radius Packets Sent by NAS