Setting Up A RADIUS Server
2 Update the dictionary for Switch login
a In /usr/local/etc/raddb create a new file called dictionary.3Com
containing the following information:
    VENDOR 3Com 43
    ATTRIBUTE 3Com-User-Access-Level 1 Integer 3Com
    VALUE 3Com-User-Access-Level Monitor 1
    VALUE 3Com-User-Access-Level Manager 2
    VALUE 3Com-User-Access-Level Administrator 3
b Edit the existing file dictionary in /usr/local/etc/raddb to add the
following line:
    $INCLUDE dictionary.3Com
The new file dictionary.3Com will be used in configuring the FreeRADIUS
server.
3 Locate the existing file users in /usr/local/etc/raddb and, for each user
authorized to administer the Switch 5500:
a Add an entry for Switch Login. For example:
    user-name Auth-Type = System
        3Com-User-Access-Level = Administrator
The indented second line is a reply item. It indicates that the server should
return the 3Com vendor-specific attribute 3Com-User-Access-Level in the
Access-Accept message for that user.
b Add an entry for Network Login. For example:
    user-name Auth-Type := Local, User-Password == "password"
4 Run the FreeRADIUS server (radiusd) with debugging turned on, so you can see
any problems that may occur with the authentication:
    cd /usr/local/sbin
    ./radiusd -sfxxyz -l stdout
Setting Up Auto VLAN and QOS using FreeRADIUS
It is slightly more complex to set up auto VLAN and QoS using FreeRADIUS, as the
dictionary file needs to be specially updated.
1 Update the dictionary.tunnel file with the following lines:
    ATTRIBUTE Tunnel-Type 64 integer has_tag
    ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag
    ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
    VALUE Tunnel-Type VLAN 13
    VALUE Tunnel-Medium-Type TMT802 6
2 Locate the file users in /usr/local/etc/raddb and add the return list attributes
to the user. For example:
    bob Auth-Type := Local, User-Password == "bob"
        Tunnel-Medium-Type = TMT802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN,
        Filter-Id = "profile=student"
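
To check what the Switch receives against a packet capture or the radiusd debug output, the following added example (not part of the original guide or of FreeRADIUS) encodes and decodes the reply attributes defined above: the 3Com-User-Access-Level vendor-specific attribute and the tagged tunnel attributes in the bob entry. The function names and sample byte strings are constructed for illustration; the wire layout follows RFC 2865 and RFC 2868, and Filter-Id is standard attribute 11.

```python
import struct

# Numbers copied from dictionary.3Com and dictionary.tunnel on this page.
VENDOR_3COM = 43
ACCESS_LEVEL = {1: "Monitor", 2: "Manager", 3: "Administrator"}
TAGGED_INT = {64: ("Tunnel-Type", {13: "VLAN"}),
              65: ("Tunnel-Medium-Type", {6: "TMT802"})}

def attr(code, value):
    """RADIUS attribute: type, length (including the 2 header bytes), value."""
    return bytes([code, len(value) + 2]) + value

def vsa_3com_access_level(level):
    """Vendor-Specific (26): 4-byte vendor id, vendor type 1, length 6, integer."""
    return attr(26, struct.pack("!IBBI", VENDOR_3COM, 1, 6, level))

def tagged_int(code, value, tag=0):
    """has_tag integer (RFC 2868): one tag byte followed by a 3-byte value."""
    return attr(code, bytes([tag]) + value.to_bytes(3, "big"))

def decode(attrs):
    """Decode the reply attributes used on this page; reject malformed lengths."""
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        code, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if code == 26 and len(body) == 10:
            vendor, vtype, vlen, val = struct.unpack("!IBBI", body)
            if (vendor, vtype, vlen) == (VENDOR_3COM, 1, 6):
                out["3Com-User-Access-Level"] = ACCESS_LEVEL.get(val, val)
        elif code in TAGGED_INT and len(body) == 4:
            name, values = TAGGED_INT[code]
            val = int.from_bytes(body[1:], "big")   # skip the tag byte
            out[name] = values.get(val, val)
        elif code == 81:
            # A first byte of 0x1F or less is a tag; otherwise it is VLAN text.
            text = body[1:] if body and body[0] <= 0x1F else body
            out["Tunnel-Private-Group-Id"] = text.decode("ascii")
        elif code == 11:
            out["Filter-Id"] = body.decode("ascii")
    return out

# Constructed samples: the reply list for "bob" and an Administrator login reply.
BOB_REPLY = (tagged_int(65, 6) + attr(81, b"2") + tagged_int(64, 13)
             + attr(11, b"profile=student"))
ADMIN_REPLY = vsa_3com_access_level(3)
print(decode(BOB_REPLY), decode(ADMIN_REPLY))
```

An access level that decodes to a bare number rather than Monitor, Manager or Administrator means the server returned a value that dictionary.3Com does not define.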