3com WX4400 3CRWX440095A User Manual

CHAPTER 22: CONFIGURING COMMUNICATION WITH RADIUS
During the holddown, it is as if the dead RADIUS server does not exist. 
MSS skips over any dead RADIUS servers to the next live server, or on to 
the next method if no more live servers are available, depending on your 
configuration. For example, if a RADIUS server group is the primary 
authentication method and local is the secondary method, MSS fails over 
to the local method if all RADIUS servers in the server group are 
unresponsive and have entered the dead time.
For failover authentication or authorization to work promptly, 3Com 
recommends that you change the dead time to a value other than 0. 
With the default setting, the dead time is never invoked and MSS does 
not hold down requests to unresponsive RADIUS servers. Instead, MSS 
attempts to send each new authentication or authorization request to a 
server even if the server is thought to be unresponsive. This behavior can 
cause authentication or authorization failures on clients because MSS 
does not fail over to the local method soon enough and the clients 
eventually time out. 
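The effect of the dead time on failover can be seen in a small model, added here as an illustration and not taken from the manual or from MSS. It assumes every server in the group is unresponsive and local is the secondary method; the timeout, transmission count, server names, request times and client timeout are constructed values.

```python
# Simplified model of the dead-time (holddown) behaviour described above.
# Not MSS code: timer values, server names and the client timeout are
# constructed assumptions for illustration.

def failover_delays(deadtime_min, arrivals, servers, timeout_s=5, transmissions=3):
    """Return the seconds each request waits before the local method is reached.

    Every server in `servers` is unresponsive. `arrivals` are request start
    times in seconds. `transmissions` is the assumed number of sends per
    server before it is treated as unresponsive.
    """
    dead_until = {}   # server -> time at which its holddown expires
    delays = []
    for start in arrivals:
        now = start
        for srv in servers:
            if now < dead_until.get(srv, 0):
                continue   # holddown active: as if the server does not exist
            now += timeout_s * transmissions   # wait out every transmission
            if deadtime_min > 0:
                dead_until[srv] = now + deadtime_min * 60
        delays.append(now - start)   # local method is consulted at `now`
    return delays


def timed_out_clients(delays, client_timeout_s):
    """Count requests whose wait exceeds the assumed client timeout."""
    return sum(1 for d in delays if d > client_timeout_s)


if __name__ == "__main__":
    arrivals = [0, 60, 120, 900]        # constructed request times (seconds)
    group = ["radius-a", "radius-b"]    # constructed server names
    for deadtime in (0, 10):
        d = failover_delays(deadtime, arrivals, group)
        print(f"deadtime {deadtime:>2} min: delays={d} "
              f"timed out={timed_out_clients(d, 20)}")
```

With a dead time of 0 every request pays the full wait on every server; with a dead time of 10 minutes only the first request, and the first one after the holddown expires, pay it.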
Configuring Global RADIUS Defaults
You can change RADIUS values globally and set a global password (key) 
with the following command. The key string is the shared secret that the 
WX switch uses to authenticate itself to the RADIUS server.
set radius {deadtime minutes | encrypted-key string | key string | retransmit number | timeout seconds}
(To override global settings for individual RADIUS servers, use the set 
radius server command. See “Configuring Individual RADIUS Servers” 
on page 523.)
For example, the following commands set the dead-time timer to 
10 minutes and set the password to r8gney for all RADIUS servers in the 
WX configuration:
WX1200# set radius deadtime 10
success: change accepted.
WX1200# set radius key r8gney
success: change accepted.
To reset global RADIUS server settings to their factory defaults, use the 
following command:
clear radius {deadtime | key | retransmit | timeout}