202 CHAPTER 11: 802.1X CONFIGURATION
Perform the following configurations in RADIUS Scheme View.
Table 215 Configuring RADIUS Accounting Servers
By default, in a newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0 and the UDP port number of this server is 1813; in
the "system" RADIUS scheme created by the system, the IP address of the
primary accounting server is 127.0.0.1 and the UDP port number is 1646.
In real networking environments, you can specify two RADIUS servers as the
primary and the secondary accounting servers respectively, or specify one server to
function as both.
To ensure normal interaction between the NAS and the RADIUS server, make sure
that a working route exists between the RADIUS server and the NAS before
setting the IP address and UDP port of the RADIUS server. In addition, because
the RADIUS protocol uses different UDP ports to receive/transmit
authentication/authorization packets and accounting packets, you need to set two
different ports accordingly. As suggested by RFC 2138/2139, the
authentication/authorization port number is 1812 and the accounting port number is
1813. However, you may use values other than the suggested ones. (In particular, on
some earlier RADIUS servers the authentication/authorization port number is often
set to 1645 and the accounting port number to 1646.)
The RADIUS service port settings on the Switch 4500 units must be
consistent with the port settings on the RADIUS server. Normally, the RADIUS accounting
service port is 1813.
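The port-consistency requirement above can be checked offline before a configuration is applied. The following Python sketch is an added example, not part of the original guide: it replays the `primary accounting` / `secondary accounting` commands and their `undo` forms and reports settings that would not reach the server. The scheme name `radius1`, the sample addresses, the port used when port_number is omitted, and the unset secondary default are assumptions.

```python
import ipaddress

# Primary accounting server defaults as stated on this page: (IP, UDP port).
DEFAULTS = {"system": ("127.0.0.1", 1646)}
NEW_SCHEME_DEFAULT = ("0.0.0.0", 1813)

def effective_servers(config_lines, scheme="radius1"):
    """Replay the accounting commands in order; return {'primary': (ip, port), ...}."""
    default = DEFAULTS.get(scheme, NEW_SCHEME_DEFAULT)
    # Assumption: the page gives no secondary default, so it is modelled as unset.
    servers = {"primary": default, "secondary": None}
    for raw in config_lines:
        words = raw.split()
        undo = words[:1] == ["undo"]
        if undo:
            words = words[1:]
        if len(words) < 2 or words[0] not in servers or words[1] != "accounting":
            continue  # not an accounting-server command
        role = words[0]
        if undo:
            servers[role] = default if role == "primary" else None
            continue
        if len(words) < 3:
            raise ValueError(f"missing ip_address: {raw!r}")
        ip = str(ipaddress.IPv4Address(words[2]))  # raises on a malformed address
        # Assumption: an omitted port_number falls back to the scheme default port.
        port = int(words[3]) if len(words) > 3 else default[1]
        if not 1 <= port <= 65535:
            raise ValueError(f"bad UDP port: {raw!r}")
        servers[role] = (ip, port)
    return servers

def audit(config_lines, server_listen_port, scheme="radius1"):
    """Return findings for accounting settings that will not reach the server."""
    findings = []
    for role, entry in effective_servers(config_lines, scheme).items():
        if entry is None:
            continue
        ip, port = entry
        if ip == "0.0.0.0":
            findings.append(f"{role}: still at default 0.0.0.0, no server set")
        elif port != server_listen_port:
            findings.append(f"{role}: NAS sends to UDP {port}, server listens on {server_listen_port}")
    return findings

# Constructed sample: the server listens on legacy port 1646; secondary omits the port.
SAMPLE = ["primary accounting 10.1.1.1 1646", "secondary accounting 10.1.1.2"]
```

Running `audit(SAMPLE, 1646)` flags only the secondary entry, the kind of mismatch that leaves real-time accounting requests unanswered.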
Setting the Maximum Times of Real-time Accounting Request Failing to be Responded to
A RADIUS server usually uses a timeout timer to check whether a user is online. If the
RADIUS server has not received a real-time accounting packet from the NAS for a
while, it considers that a device failure has occurred and stops accounting. When
such an unpredictable failure occurs, the user must be disconnected at the NAS end
and on the RADIUS server synchronously. The Switch allows you to
set the maximum number of times a real-time accounting request can fail to be
responded to. The NAS disconnects the user if it has not received a real-time
accounting response from the RADIUS server for the specified number of times.
You can use the following command to set the maximum number of times a
real-time accounting request can fail to be responded to.
Perform the following configurations in RADIUS Scheme View.
| Operation | Command |
|---|---|
| Set IP address and port number of primary RADIUS accounting server. | primary accounting ip_address [ port_number ] |
| Restore IP address and port number of primary RADIUS accounting server to the default values. | undo primary accounting |
| Set IP address and port number of secondary RADIUS accounting server. | secondary accounting ip_address [ port_number ] |
| Restore IP address and port number of secondary RADIUS accounting server to the default values. | undo secondary accounting |