If you adopt the local RADIUS authentication server function, the UDP port number of the authentication/authorization server must be 1645, the UDP port number of the accounting server must be 1646, and the IP addresses of the servers must be set to the addresses of this device.

The message encryption key set by the local-server nas-ip ip-address key password command must be identical with the authentication/authorization message encryption key set by the key authentication command in the RADIUS scheme view of the RADIUS scheme on the specified NAS that uses this device as its authentication server.

The device supports IP addresses and shared keys for up to 16 network access servers (NAS). That is, when acting as the local RADIUS authentication server, the device can provide authentication service to up to 16 network access servers (including the device itself) at the same time.

When acting as the local RADIUS authentication server, the device does not support EAP authentication.

Configuring Timers for RADIUS Servers

After sending out a RADIUS request (authentication/authorization request or accounting request) to a RADIUS server, the device waits for a response from the server. The maximum time that the device can wait for the response is called the response timeout time of RADIUS servers, and the corresponding timer in the device system is called the response timeout timer of RADIUS servers. If the device gets no answer within the response timeout time, it needs to retransmit the request to ensure that the user can obtain RADIUS service.

For the primary and secondary servers (authentication/authorization servers, or accounting servers) in a RADIUS scheme:

When the device fails to communicate with the primary server due to some server trouble, the device will turn to the secondary server and exchange messages with the secondary server.

After the primary server remains in the block state for a specific time (set by the timer quiet command), the device will try to communicate with the primary server again when it has a RADIUS request. If it finds that the primary server has recovered, the device immediately restores the communication with the primary server instead of communicating with the secondary server, and at the same time restores the status of the primary server to active while keeping the status of the secondary server unchanged.
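The primary/secondary failover described above, modelled as an added Python example (not code from the 3Com manual or the device software). The timer values, the attempt count, and the rule that a failed retry puts the primary back in the block state are assumptions made for the model.

```python
from dataclasses import dataclass

ACTIVE, BLOCK = "active", "block"

@dataclass
class Server:
    name: str
    reachable: bool = True   # constructed stand-in for "server answers requests"
    state: str = ACTIVE
    blocked_at: float = 0.0

class RadiusScheme:
    # Timer values are sample inputs for the model, not device defaults.
    def __init__(self, primary, secondary, response_timeout=3, attempts=3, quiet=300):
        self.primary, self.secondary = primary, secondary
        self.response_timeout, self.attempts, self.quiet = response_timeout, attempts, quiet

    def exchange(self, server):
        """Return (answered, seconds spent waiting on this server)."""
        if server.reachable:
            return True, 0
        # Every attempt runs the response timeout timer to expiry before the retransmit.
        return False, self.attempts * self.response_timeout

    def request(self, now):
        """Handle one RADIUS request at time `now`; return (answering server, seconds waited)."""
        p, s = self.primary, self.secondary
        waited = 0
        # A blocked primary is skipped until the quiet timer has run out.
        if p.state == ACTIVE or now - p.blocked_at >= self.quiet:
            ok, waited = self.exchange(p)
            if ok:
                p.state = ACTIVE          # secondary status is left unchanged
                return p.name, waited
            # Assumption: a failed probe puts the primary back in block state.
            p.state, p.blocked_at = BLOCK, now + waited
        ok, spent = self.exchange(s)
        return (s.name if ok else None), waited + spent

def demo():
    p, s = Server("primary"), Server("secondary")
    scheme = RadiusScheme(p, s)
    log = [scheme.request(0)]            # primary healthy
    p.reachable = False
    log.append(scheme.request(10))       # primary times out, secondary answers
    p.reachable = True
    log.append(scheme.request(100))      # still inside the quiet period
    log.append(scheme.request(400))      # quiet timer expired, primary probed
    return log, p.state, s.state
```

The second request shows the cost of a failed primary: the user waits for every timed-out attempt before the secondary is tried, so the response timeout and the quiet period together bound how long logins are delayed during an outage.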

To control the interval at which users are charged in real time, you can set the real-time accounting interval. Once it is set, the device periodically sends online users' accounting information to the RADIUS server at that interval.

Follow these steps to set timers for RADIUS servers:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create a RADIUS scheme and enter its view | radius scheme radius-scheme-name | Required. By default, a RADIUS scheme named "system" has already been created in the system. |

3Com WX3000 operation manual Configuring Timers for Radius Servers