3com 5500-ei pwr Guia De Referência
1-41
z
The message encryption key set by the local-server nas-ip ip-address key password command
must be identical with the authentication/authorization message encryption key set by the key
must be identical with the authentication/authorization message encryption key set by the key
authentication
command in the RADIUS scheme view of the RADIUS scheme on the specified
NAS that uses this switch as its authentication server.
z
The switch supports the IP addresses and shared keys of at most 16 network access servers
(including the local device); that is, when the switch serves as a RADIUS server, it can provide
authentication service to at most 16 NASs simultaneously.
(including the local device); that is, when the switch serves as a RADIUS server, it can provide
authentication service to at most 16 NASs simultaneously.
z
When serving as a local RADIUS server, the switch does not support EAP authentication (that is
you cannot set the 802.1x authentication method as eap by using the dot1x
you cannot set the 802.1x authentication method as eap by using the dot1x
authentication-method eap
command).
Related commands: radius scheme, state, local-server enable.
Examples
# Allow the local RADIUS server to provide services to NAS 10.110.1.2 with shared key aabbcc.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] local-server nas-ip 10.110.1.2 key aabbcc
nas-ip
Syntax
nas-ip
ip-address
undo nas-ip
View
RADIUS scheme view
Parameters
ip-address
: Source IP address for RADIUS messages, an IP address of this device. This address can
neither be the all 0's address nor be a Class-D address.
Description
Use the nas-ip command to set the source IP address of outgoing RADIUS messages.
Use the undo nas-ip command to remove the source IP address setting.
By default, the IP address of the outbound interface is used as the source IP address of RADIUS
messages.
messages.