CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL

If the first RADIUS server does not respond, the remaining servers are tried in sequence.

When the authentication or accounting port number is configured to 0, the client does not use the authentication or accounting function provided by the server.

Table 611 Configure IP Address, Authentication Port Number and Accounting Port Number

Operation                                 Command
----------------------------------------  --------------------------------------------
Configure IP address (or host name),      radius server { hostname | ip-address }
authentication port number and            [authentication-port port-number]
accounting port number of RADIUS server   [accounting-port port-number]
host.

Cancel RADIUS server with designated      undo radius server { hostname | ip-address }
host address or host name

The default authentication port number is 1812. When configured as 0, this server is not used as an authentication server. The default accounting port number is 1813. When configured as 0, this server is not used as an accounting server.

Configure RADIUS Server Shared Secret

The shared secret is used to encrypt the user password and to generate a response authenticator. When RADIUS sends authentication messages, MD5 encryption is applied to important information such as passwords, so that the security of authentication information transmitted over the network can be ensured. To ensure that the two parties can validate each other's identity, the secret key of the router must be the same as the one set on the RADIUS server, so that it can pass the authentication of the RADIUS server.

Table 612 Configure RADIUS Server Shared Secret

Operation                                 Command
----------------------------------------  --------------------------
Configure shared secret of RADIUS server  radius shared-key string

Delete shared secret of RADIUS server     undo radius shared-key

By default, no key is configured for the RADIUS server.

Configure the Time Interval at Which the Request Packet is Sent Before the RADIUS Server Fails

To determine whether a RADIUS server is invalid, the router will send authentication request packets to the RADIUS server periodically.

Table 613 Configure the Time Interval at which the Request Packet is Sent Before RADIUS Server Fails

Operation                                   Command
------------------------------------------  -------------------------------------
Configure the time interval at which the    radius timer response-timeout seconds
authentication request packet is sent

Restore default value of the time interval  undo radius timer response-timeout
at which the authentication request
packet is sent

By default, the timeout interval is 10 seconds. The range is from 1 to 65535 seconds.
