3com 4210 PWR 9-Port 3CR17341-91-ME 用户手册
产品代码
3CR17341-91-ME
256
C
HAPTER
21: AAA C
ONFIGURATION
■
With stop-accounting request buffering enabled, the switch first buffers the
stop-accounting request that gets no response from the RADIUS accounting
server, and then retransmits the request to the RADIUS accounting server until
it gets a response, or the maximum number of transmission attempts is
reached (in this case, it discards the request).
stop-accounting request that gets no response from the RADIUS accounting
server, and then retransmits the request to the RADIUS accounting server until
it gets a response, or the maximum number of transmission attempts is
reached (in this case, it discards the request).
■
You can set the maximum allowed number of continuous real-time accounting
failures. If the number of continuously failed real-time accounting requests to
the RADIUS server reaches the set maximum number, the switch cuts down the
user connection.
failures. If the number of continuously failed real-time accounting requests to
the RADIUS server reaches the set maximum number, the switch cuts down the
user connection.
■
The IP address and port number of the primary accounting server of the default
RADIUS scheme "system" are 127.0.0.1 and 1646 respectively.
RADIUS scheme "system" are 127.0.0.1 and 1646 respectively.
■
Currently, RADIUS does not support the accounting of FTP users.
Configuring Shared Keys
for RADIUS Messages
Both RADIUS client and server adopt MD5 algorithm to encrypt RADIUS messages
before they are exchanged between the two parties. The two parties verify the
validity of the RADIUS messages received from each other by using the shared keys
that have been set on them, and can accept and respond to the messages only
when both parties have the same shared key.
before they are exchanged between the two parties. The two parties verify the
validity of the RADIUS messages received from each other by using the shared keys
that have been set on them, and can accept and respond to the messages only
when both parties have the same shared key.
c
CAUTION: The authentication/authorization shared key and the accounting
shared key you set on the switch must be respectively consistent with the shared
key on the authentication/authorization server and the shared key on the
accounting server.
shared key you set on the switch must be respectively consistent with the shared
key on the authentication/authorization server and the shared key on the
accounting server.
Configuring the
Maximum Number of
RADIUS Request
Transmission Attempts
The communication in RADIUS is unreliable because this protocol uses UDP
packets to carry its data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the response
timeout timer expires. If the switch gets no answer after it has tried the maximum
number of times to transmit the request, the switch considers that the request
fails.
packets to carry its data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the response
timeout timer expires. If the switch gets no answer after it has tried the maximum
number of times to transmit the request, the switch considers that the request
fails.
Table 193 Configure shared keys for RADIUS messages
Operation
Command
Remarks
Enter system view
system-view
-
Create a RADIUS scheme and
enter its view
enter its view
radius scheme
radius-scheme-name
radius-scheme-name
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
named "system" has already
been created in the system.
Set a shared key for RADIUS
authentication/authorization
messages
authentication/authorization
messages
key authentication string
Required
By default, no shared key is
created.
created.
Set a shared key for RADIUS
accounting messages
accounting messages
key accounting string
Required
By default, no shared key is
created.
created.
Table 194 Configure the maximum transmission attempts of a RADIUS request
Operation
Command
Remarks
Enter system view
system-view
-