3com 4210 PWR 9-Port 3CR17341-91-ME 用户手册
产品代码
3CR17341-91-ME
254
C
HAPTER
21: AAA C
ONFIGURATION
n
Actually, the RADIUS service configuration only defines the parameters for
information exchange between switch and RADIUS server. To make these
parameters take effect, you must reference the RADIUS scheme configured with
these parameters in an ISP domain view (refer to “AAA Configuration Task List”
on page 245).
information exchange between switch and RADIUS server. To make these
parameters take effect, you must reference the RADIUS scheme configured with
these parameters in an ISP domain view (refer to “AAA Configuration Task List”
on page 245).
Creating a RADIUS
Scheme
The RADIUS protocol configuration is performed on a RADIUS scheme basis. You
should first create a RADIUS scheme and enter its view before performing other
RADIUS protocol configurations.
should first create a RADIUS scheme and enter its view before performing other
RADIUS protocol configurations.
n
A RADIUS scheme can be referenced by multiple ISP domains simultaneously.
Configuring RADIUS
Authentication/Authoriz
ation Servers
n
■
The authentication response sent from the RADIUS server to the RADIUS client
carries authorization information. Therefore, you need not (and cannot) specify
a separate RADIUS authorization server.
carries authorization information. Therefore, you need not (and cannot) specify
a separate RADIUS authorization server.
Table 190 Create a RADIUS scheme
Operation
Command
Remarks
Enter system view
system-view
-
Enable RADIUS authentication
port
port
radius client enable
Optional
By default, RADIUS
authentication port is
enabled.
authentication port is
enabled.
Create a RADIUS scheme and
enter its view
enter its view
radius scheme
radius-scheme-name
radius-scheme-name
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
named "system" has already
been created in the system.
Table 191 Configure RADIUS authentication/authorization servers
Operation
Command
Remarks
Enter system view
system-view
-
Create a RADIUS scheme and
enter its view
enter its view
radius scheme
radius-scheme-name
radius-scheme-name
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
named "system" has already
been created in the system.
Set the IP address and port
number of the primary
RADIUS
authentication/authorization
server
number of the primary
RADIUS
authentication/authorization
server
primary authentication
ip-address [ port-number ]
ip-address [ port-number ]
Required
By default, the IP address and
UDP port number of the
primary server are 0.0.0.0 and
1812 respectively for a newly
created RADIUS scheme.
UDP port number of the
primary server are 0.0.0.0 and
1812 respectively for a newly
created RADIUS scheme.
Set the IP address and port
number of the secondary
RADIUS
authentication/authorization
server
number of the secondary
RADIUS
authentication/authorization
server
secondary authentication
ip-address [ port-number ]
ip-address [ port-number ]
Optional
By default, the IP address and
UDP port number of the
secondary server are 0.0.0.0
and 1812 respectively for a
newly created RADIUS
scheme.
UDP port number of the
secondary server are 0.0.0.0
and 1812 respectively for a
newly created RADIUS
scheme.