3com 5500-SI Manual Do Utilizador
422
C
HAPTER
21: 802.1
X
C
ONFIGURATION
The authorization information from the RADIUS server is sent to RADIUS clients in
authentication response packets, so you do not need to specify a separate
authorization server.
authentication response packets, so you do not need to specify a separate
authorization server.
In real networking environments, you may specify two RADIUS servers as primary and
secondary authentication/authorization servers respectively, or specify one server to
function as both.
secondary authentication/authorization servers respectively, or specify one server to
function as both.
The RADIUS service port settings on the Switch 5500 should be consistent with the
port settings on the RADIUS server. Normally, the authentication/authorization service
port is 1812.
port settings on the RADIUS server. Normally, the authentication/authorization service
port is 1812.
Configuring RADIUS
Accounting Servers and
the Related Attributes
Configuring RADIUS Accounting Servers
You can use the following commands to configure the IP address and port number for
RADIUS accounting servers.
RADIUS accounting servers.
Perform the following configurations in RADIUS Scheme View.
Table 452 Configuring RADIUS Accounting Servers
By default, as for the newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
In real networking environments, you can specify two RADIUS servers as the primary
and the secondary accounting servers respectively; or specify one server to function as
both.
and the secondary accounting servers respectively; or specify one server to function as
both.
To guarantee the normal interaction between NAS and RADIUS server, you are
supposed to guarantee the normal routes between RADIUS server and NAS before
setting the IP address and UDP port of the RADIUS server. In addition, because
RADIUS protocol uses different UDP ports to receive/transmit
authentication/authorization and accounting packets, you need to set two different
ports accordingly. Suggested by RFC2138/2139, authentication/authorization port
number is 1812 and accounting port number is 1813. However, you may use values
other than the suggested ones. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting port
number is 1646.)
supposed to guarantee the normal routes between RADIUS server and NAS before
setting the IP address and UDP port of the RADIUS server. In addition, because
RADIUS protocol uses different UDP ports to receive/transmit
authentication/authorization and accounting packets, you need to set two different
ports accordingly. Suggested by RFC2138/2139, authentication/authorization port
number is 1812 and accounting port number is 1813. However, you may use values
other than the suggested ones. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting port
number is 1646.)
The RADIUS service port settings on the Switch 5500 units are supposed to be
consistent with the port settings on RADIUS server. Normally, RADIUS accounting
service port is 1813.
consistent with the port settings on RADIUS server. Normally, RADIUS accounting
service port is 1813.
Operation
Command
Set IP address and port number of primary RADIUS
accounting server.
accounting server.
primary accounting
ip_address
[
port_number ]
Restore IP address and port number of primary RADIUS
accounting server to the default values.
accounting server to the default values.
undo primary accounting
Set IP address and port number of second RADIUS
accounting server.
accounting server.
secondary accounting
ip_address [ port_number ]
Restore IP address and port number of second RADIUS
accounting server to the default values.
accounting server to the default values.
undo secondary accounting