3com 8807 Guia Do Utilizador
246
C
HAPTER
26: AAA
AND
RADIUS/HWTACACS P
ROTOCOL
C
ONFIGURATION
■
■
■
■
■
Among the above tasks, creating RADIUS scheme and setting IP address of
RADIUS server are required, while other takes are optional and can be performed
as your requirements.
RADIUS server are required, while other takes are optional and can be performed
as your requirements.
Creating/Deleting a
RADIUS scheme
As mentioned above, RADIUS protocol configurations are performed on the per
RADIUS scheme basis. Therefore, before performing other RADIUS protocol
configurations, it is compulsory to create the RADIUS scheme and enter its view.
RADIUS scheme basis. Therefore, before performing other RADIUS protocol
configurations, it is compulsory to create the RADIUS scheme and enter its view.
You can use the following commands to create/delete a RADIUS scheme.
Perform the following configuration in system view.
Several ISP domains can use a RADIUS server group at the same time. You can
configure up to 16 RADIUS schemes, including the default server group named as
System.
configure up to 16 RADIUS schemes, including the default server group named as
System.
By default, the system has a RADIUS scheme named "system" whose attributes
are all default values.
are all default values.
Setting IP Address and
Port Number of a
RADIUS Server
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP
port numbers for the RADIUS servers, including primary/secondary
authentication/authorization servers and accounting servers. So you can configure
up to 4 groups of IP addresses and UDP port numbers. However, at least you have
to set one group of IP address and UDP port number for each pair of
primary/secondary servers to ensure the normal AAA operation.
port numbers for the RADIUS servers, including primary/secondary
authentication/authorization servers and accounting servers. So you can configure
up to 4 groups of IP addresses and UDP port numbers. However, at least you have
to set one group of IP address and UDP port number for each pair of
primary/secondary servers to ensure the normal AAA operation.
You can use the following commands to configure the IP address and port number
for RADIUS schemes.
for RADIUS schemes.
Perform the following configuration in RADIUS scheme view.
Table 207 Create/Delete a RADIUS server group
Operation
Command
Create a RADIUS server group and enter its
view
view
radius scheme radius-server-name
Delete a RADIUS server group
undo radius scheme radius-server-name
Table 208 Set IP Address and Port Number of RADIUS Server
Operation
Command
Set IP address and port number of primary
RADIUS authentication/authorization server.
RADIUS authentication/authorization server.
primary authentication ip-address [
port-number ]
port-number ]
Restore IP address and port number of
primary RADIUS authentication/authorization
or server to the default values.
primary RADIUS authentication/authorization
or server to the default values.
undo primary authentication