Configuring the status of radius servers – H3C Technologies H3C S3100 Series Switches User Manual

Page 433

Advertising
background image

2-19

z

If you change the type of RADIUS server, the data stream destined to the original RADIUS server

will be restored to the default unit.

z

When the third party RADIUS server is used, you can select standard or extended as the

server-type in a RADIUS scheme; when the CAMS server is used, you can select extended as the

server-type in a RADIUS scheme.

Configuring the Status of RADIUS Servers

For the primary and secondary servers (authentication/authorization servers, or accounting servers) in

a RADIUS scheme:

When the switch fails to communicate with the primary server due to some server trouble, the switch will

turn to the secondary server and exchange messages with the secondary server.

After the primary server remains in the block state for a set time (set by the timer quiet command), the

switch will try to communicate with the primary server again when it receives a RADIUS request. If it

finds that the primary server has recovered, the switch immediately restores the communication with

the primary server instead of communicating with the secondary server, and at the same time restores

the status of the primary server to active while keeping the status of the secondary server unchanged.

When both the primary and secondary servers are in active or block state, the switch sends messages

only to the primary server.

Table 2-18 Set the status of RADIUS servers

Operation

Command

Remarks

Enter system view

system-view

Create a RADIUS scheme and
enter its view

radius scheme
radius-scheme-name

Required

By default, a RADIUS scheme
named "system" has already
been created in the system.

Set the status of the primary
RADIUS
authentication/authorization
server

state primary authentication
{ block | active }

Set the status of the primary
RADIUS accounting server

state primary accounting
{ block | active }

Set the status of the secondary
RADIUS
authentication/authorization
server

state secondary
authentication { ip-address |
ipv6 ipv6-address } { block |
active }

Set the status of the secondary
RADIUS accounting server

state secondary accounting
{ ip-address | ipv6
ipv6-address } { block | active }

Optional

By default, the RADIUS servers
specified with IP addresses in
the RADIUS scheme are all in
the active state.

Advertising
Popular Brands
Popular manuals