3com 5500-SI Manual Do Utilizador
User Re-authentication at Reboot 427
By default, the newly created RADIUS scheme supports the server type
standard
,
while the "system" RADIUS scheme created by the system supports the server type
3com
.
Setting the RADIUS
Server State
For the primary and secondary servers (no matter if they are an
authentication/authorization server or accounting server), if the primary server is
disconnected from the NAS for some fault, the NAS will automatically turn to
exchange packets with the secondary server. However, after the primary server
recovers, the NAS will not resume the communication with it at once, instead, it
continues communicating with the secondary server. When the secondary server fails
to communicate, the NAS will turn to the primary server again. The following
commands can be used to set the primary server to be
authentication/authorization server or accounting server), if the primary server is
disconnected from the NAS for some fault, the NAS will automatically turn to
exchange packets with the secondary server. However, after the primary server
recovers, the NAS will not resume the communication with it at once, instead, it
continues communicating with the secondary server. When the secondary server fails
to communicate, the NAS will turn to the primary server again. The following
commands can be used to set the primary server to be
active
manually, in order that
NAS can communicate with it immediately after a fault has been resolved.
When the primary and secondary servers are both
active
or
block
, NAS will send the
packets to the primary server only.
Perform the following configurations in RADIUS Scheme View.
Table 461 Setting the RADIUS Server State
By default, for the newly created RADIUS scheme, the primary and secondary
accounting/authentication servers are in the state of
accounting/authentication servers are in the state of
block
; for the "system" RADIUS
scheme created by the system, the primary accounting/authentication servers are in
the state of
the state of
active
, and the secondary accounting/authentication servers are in the
state of
block
.
Setting the Username
Format Transmitted to
the RADIUS Server
As mentioned above, the users are generally named in userid@isp-name format. The
part following “@” is the ISP domain name. The Switch will put the users into
different ISP domains according to the domain names. However, some earlier RADIUS
servers reject the username including ISP domain name. In this case, you have to
remove the domain name before sending the username to the RADIUS server. The
following command of switch decides whether the username to be sent to RADIUS
server carries ISP domain name or not.
part following “@” is the ISP domain name. The Switch will put the users into
different ISP domains according to the domain names. However, some earlier RADIUS
servers reject the username including ISP domain name. In this case, you have to
remove the domain name before sending the username to the RADIUS server. The
following command of switch decides whether the username to be sent to RADIUS
server carries ISP domain name or not.
Perform the following configurations in RADIUS Scheme View.
Table 462 Setting the Username Format Transmitted to the RADIUS Server
If a RADIUS scheme is configured not to allow usernames including ISP domain
names, the RADIUS scheme shall not be simultaneously used in more than one ISP
domain. Otherwise, the RADIUS server will regard two users in different ISP domains
as the same user by mistake, if they have the same username (excluding their
respective domain names.)
names, the RADIUS scheme shall not be simultaneously used in more than one ISP
domain. Otherwise, the RADIUS server will regard two users in different ISP domains
as the same user by mistake, if they have the same username (excluding their
respective domain names.)
By default, the RADIUS scheme acknowledges that the username sent to it includes
the ISP domain name.
the ISP domain name.
Operation
Command
Set the state of primary RADIUS server
state primary { accounting |
authentication } { block | active }
authentication } { block | active }
Set the state of second RADIUS server
state secondary{ accounting |
authentication } { block | active }
authentication } { block | active }
Operation
Command
Set Username Format Transmitted to
RADIUS Server
RADIUS Server
user-name-format { with-domain |
without-domain }
without-domain }