Operation Manual – AAA
H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration
2-21
addition to RADIUS client service, where separate authentication/authorization server
and the accounting server are used for user authentication.
Table 2-19 Configure the local RADIUS authentication server function
Operation Command Remarks
Enter system view
system-view
—
Enable UDP port for local
RADIUS authentication
server
local-server enable
Optional
By default, the UDP port for
local RADIUS authentication
server is enabled.
Configure the parameters
of the local RADIUS
server
local-server nas-ip
ip-address key
password
Required
By default, a local RADIUS
authentication server is
configured with an NAS IP
address of 127.0.0.1.
Caution:
z If you adopt the local RADIUS authentication server function, the UDP port number
of the authentication/authorization server must be 1645, the UDP port number of the
accounting server must be 1646, and the IP addresses of the servers must be set to
the addresses of this switch.
z The message encryption key set by the local-server nas-ip ip-address key
password command must be identical with the authentication/authorization
message encryption key set by the key authentication command in the RADIUS
scheme view of the RADIUS scheme on the specified NAS that uses this switch as
its authentication server.
z The switch supports IP addresses and shared keys for up to 16 network access
servers (NAS). That is, when acting as the local RADIUS authentication server, the
switch can provide authentication service to up to 16 network access servers
(including the switch itself) at the same time.
z When acting as the local RADIUS authentication server, the switch does not support
EAP authentication.
2.2.10 Configuring Timers for RADIUS Servers
After sending out a RADIUS request (authentication/authorization request or
accounting request) to a RADIUS server, the switch waits for a response from the
server. The maximum time that the switch can wait for the response is called the
response timeout time of RADIUS servers, and the corresponding timer in the switch
To Next Page
Loading...
Need help?
General