AAA and RADIUS Protocol Configuration 279
Tab le 312 Disconnecting a User by Force
By default, no online user will be disconnected by force.
Configuring the RADIUS
Protocol
For the Switch 5500G-EI, the RADIUS protocol is configured on the per RADIUS
scheme basis. In a real networking environment, a RADIUS scheme can be an
independent RADIUS server or a set of primary/secondary RADIUS servers with the
same configuration but two different IP addresses. Accordingly, attributes of every
RADIUS scheme include IP addresses of primary and secondary servers, shared key
and RADIUS server type, etc.
RADIUS protocol configuration only defines some necessary parameters used for
information interaction between NAS and RADIUS Server. To make these
parameters effective, it is necessary to configure, in the view, an ISP domain to use
the RADIUS scheme and specify it to use RADIUS AAA schemes. For more
information about the configuration commands, refer to the AAA Configuration
section above.
RADIUS protocol configuration includes:
■ Creating/Deleting a RADIUS Scheme
■ Configuring RADIUS Authentication/ Authorization Servers
■ Configuring RADIUS Accounting Servers and the Related Attributes
■ Setting the RADIUS Packet Encryption Key
■ Setting Retransmission Times of RADIUS Request Packet
■ Setting the Supported Type of the RADIUS Server
■ Setting the RADIUS Server State
■ Setting the Username Format Transmitted to the RADIUS Server
■ Configuring the Local RADIUS Authentication Server
■ Configuring Source Address for RADIUS Packets Sent by NAS
■ Setting the Timers of the RADIUS Server
Among the above tasks, creating the RADIUS scheme and setting the IP address of
the RADIUS server are required, while other tasks are optional and can be
performed as per your requirements.
Creating/Deleting a
RADIUS Scheme
As mentioned above, RADIUS protocol configurations are performed on the per
RADIUS scheme basis. Therefore, before performing other RADIUS protocol
configurations, it is essential to create the RADIUS scheme and enter its view to set
its IP address.
You can use the following commands to create/delete a RADIUS scheme.
Operation Command
Disconnect a user by
force
cut connection { all | access-type { dot1x | gcm |
mac-authentication } | domain
domain_name
|
interface
interface_type interface_number
| ip
ip_address
| mac
mac_address
| radius-scheme
radius_scheme_name
| vlan
vlanid
| ucibindex
ucib_index
| user-name
user_name
}
To Next Page