3com WX4400 3CRWX440095A Manuel D’Utilisation
524
C
HAPTER
22: C
ONFIGURING
C
OMMUNICATION
WITH
RADIUS
You can configure multiple RADIUS servers. When you define server
names and keys, case is significant. For example:
names and keys, case is significant. For example:
WX1200# set radius server rs1 address 10.6.7.8 key seCret
success: change accepted.
WX1200# set radius server rs2 address 10.6.7.9 key BigSecret
success: change accepted.
success: change accepted.
WX1200# set radius server rs2 address 10.6.7.9 key BigSecret
success: change accepted.
You must provide RADIUS servers with names that are unique. To prevent
confusion, 3Com recommends that RADIUS server names differ in ways
other than case. For example, avoid naming two servers RS1 and rs1.
confusion, 3Com recommends that RADIUS server names differ in ways
other than case. For example, avoid naming two servers RS1 and rs1.
You must configure RADIUS servers into server groups before you can
access them. For information on creating server groups, see “Configuring
RADIUS Server Groups” on page 524.
access them. For information on creating server groups, see “Configuring
RADIUS Server Groups” on page 524.
Deleting RADIUS
Servers
To remove a RADIUS server from the WX configuration, use the following
command:
command:
clear radius server server-name
Configuring
RADIUS Server
Groups
RADIUS Server
Groups
A server group is a named group of up to four RADIUS servers. Before
you can use a RADIUS server for authentication, you must first create a
RADIUS server group and add the RADIUS server to that group. You can
also arrange load balancing, so that authentications are spread out
among servers in the group. You must declare all members of a server
group, in contact order, when you create the group.
you can use a RADIUS server for authentication, you must first create a
RADIUS server group and add the RADIUS server to that group. You can
also arrange load balancing, so that authentications are spread out
among servers in the group. You must declare all members of a server
group, in contact order, when you create the group.
Once the group is configured, you can use a server group name as the
AAA method with the set authentication and set accounting
commands. (See Chapter 3, “Configuring AAA for Administrative and
Local Access,” on page 51 and Chapter 21, “Configuring AAA for
Network Users,” on page 433.)
AAA method with the set authentication and set accounting
commands. (See Chapter 3, “Configuring AAA for Administrative and
Local Access,” on page 51 and Chapter 21, “Configuring AAA for
Network Users,” on page 433.)
Subsequently, you can change the members of a group or configure load
balancing.
balancing.
If you add or remove a RADIUS server in a server group, all the RADIUS
dead timers for that server group are reset to the global default.
dead timers for that server group are reset to the global default.