Creating a radius scheme – H3C Technologies H3C S3100 Series Switches User Manual

Page 426

Advertising
background image

2-12

Task

Remarks

Configuring the Type of RADIUS Servers to be Supported

Optional

Configuring the Status of RADIUS Servers

Optional

Configuring the Attributes of Data to be Sent to RADIUS
Servers

Optional

Configuring the Local RADIUS Authentication Server
Function

Required

Configuring Timers for RADIUS Servers

Optional

Enabling Sending Trap Message when a RADIUS Server
Goes Down

Optional

Configuring the
RADIUS client

Refer to the configuration of the RADIUS client

The RADIUS service configuration is performed on a RADIUS scheme basis. In an actual network

environment, you can either use a single RADIUS server or two RADIUS servers (primary and

secondary servers with the same configuration but different IP addresses) in a RADIUS scheme. After

creating a new RADIUS scheme, you should configure the IP address and UDP port number of each

RADIUS server you want to use in this scheme. These RADIUS servers fall into two types:

authentication/authorization, and accounting. And for each type of server, you can configure two

servers in a RADIUS scheme: primary server and secondary server. A RADIUS scheme has some

parameters such as IP addresses of the primary and secondary servers, shared keys, and types of the

RADIUS servers.

In an actual network environment, you can configure the above parameters as required. But you should

configure at least one authentication/authorization server and one accounting server, and keep the

RADIUS server port settings on the switch consistent with those on the RADIUS servers.

Actually, the RADIUS service configuration only defines the parameters for information exchange

between switch and RADIUS server. To make these parameters take effect, you must reference the

RADIUS scheme configured with these parameters in an ISP domain view (refer to

AAA Configuration

).

Creating a RADIUS Scheme

The RADIUS protocol configuration is performed on a RADIUS scheme basis. You should first create a

RADIUS scheme and enter its view before performing other RADIUS protocol configurations.

Table 2-11 Create a RADIUS scheme

Operation

Command

Remarks

Enter system view

system-view

Advertising
Popular Brands
Popular manuals