3com 5500-SI Manual De Usuario
User Re-authentication at Reboot 433
2 Method 2: Using Local RADIUS authentication server.
Local server method is similar to remote RADIUS authentication. But you should
modify the server IP address to 127.0.0.1, authentication password to 3com, the UDP
port number of the authentication server to 1645.
modify the server IP address to 127.0.0.1, authentication password to 3com, the UDP
port number of the authentication server to 1645.
Configuring the Switch
5500
General RADIUS setup
The Switch 5500 supports multiple RADIUS schemes, which can be assigned to a
domain.
domain.
This guide covers the recommended steps to setup the Switch5500 for login.
Domain and RADIUS scheme creation
The Switch 5500 can have 1 or more domains created on it. A domain on the Switch
5500 is similar to a windows domain. By default, there is one domain created called
"system". This uses the local scheme to validate users. The information about the
local domain can be seen by typing "display domain". For example:
5500 is similar to a windows domain. By default, there is one domain created called
"system". This uses the local scheme to validate users. The information about the
local domain can be seen by typing "display domain". For example:
<SW5500>display domain
0 Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
This system domain uses the local scheme.
It is not recommended that you change the system domain, as it could result in
locking all users out of the switch. This could happen if you change the default local
scheme to use an external RADIUS server, which is unavailable.
locking all users out of the switch. This could happen if you change the default local
scheme to use an external RADIUS server, which is unavailable.
1 A new RADIUS scheme should be created as follows:
[SW5500]radius scheme NewSchemeName
New Radius scheme
[SW5500-radius-NewSchemeName]
2 Next, we need to add the attributes of the RADIUS scheme. This involves configuring
the RADIUS server IP address and shared secret.
[SW5500-radius-NewSchemeName]key authentication mysharedsecret
[SW5500-radius-NewSchemeName]primary authentication 161.71.67.250
3 The RADIUS scheme will not become active unless an accounting server is also
defined. If you don't have an accounting server, then the RADIUS scheme needs to
have accounting set to "optional".
have accounting set to "optional".
[SW5500-radius-NewSchemeName]accounting optional
4 Next, create a new domain as follows:
[SW5500]domain Demo
New Domain added.
[SW5500-isp-Demo]
5 Change the domain to use the new RADIUS scheme that you have configured:
[SW5500-isp-demo]radius-scheme NewSchemeName