3Com WX3000 Configuring Shared Keys for RADIUS Messages

2-12

To do… Use the command… Remarks

Set the IP address and port

number of the secondary

RADIUS accounting server

secondary accounting

ip-address [ port-number ]

Optional

By default, the IP address and

UDP port number of the

secondary accounting server

are 0.0.0.0 and 1813 for a

newly created RADIUS

scheme.

Enable stop-accounting

request buffering stop-accounting-buffer

enable

Optional

By default, stop-accounting

request buffering is enabled.

Set the maximum number of

transmission attempts of a

buffered stop-accounting

request.

retry stop-accounting

retry-times

Optional

By default, the system tries at

most 500 times to transmit a

buffered stop-accounting

request.

Set the maximum allowed

number of continuous real-time

accounting failures

retry realtime-accounting

retry-times

Optional

By default, the maximum

allowed number of continuous

real-time accounting failures is

five. If five continuous failures

occur, the device cuts down the

user connection.

z In an actual network environment, you can specify one server as both the primary and secondary

accounting servers, as well as specifying two RADIUS servers as the primary and secondary

accounting servers respectively. In addition, because RADIUS adopts different UDP ports to

exchange authentication/authorization messages and accounting messages, you must set a port

number for accounting different from that set for authentication/authorization.

z With stop-accounting request buffering enabled, the device first buffers the stop-accounting

request that gets no response from the RADIUS accounting server, and then retransmits the

request to the RADIUS accounting server until it gets a response, or the maximum number of

transmission attempts is reached (in this case, it discards the request).

z You can set the maximum allowed number of continuous real-time accounting failures. If the

number of continuously failed real-time accounting requests to the RADIUS server reaches the set

maximum number, the device cuts down the user connection.

z The IP address and port number of the primary accounting server of the default RADIUS scheme

"system" are 127.0.0.1 and 1646 respectively.

z Currently, RADIUS does not support the accounting of FTP users.

Configuring Shared Keys for RADIUS Messages

Both RADIUS client and server adopt MD5 algorithm to encrypt RADIUS messages before they are

exchanged between the two parties. The two parties verify the validity of the RADIUS messages