10 configuring the timers of radius servers, 10 configuring the timers of radius servers -30, Configuring the – H3C Technologies H3C S3100 Series Switches User Manual

Page 329: Timers of radius, Servers

Advertising
background image

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-30

Operation

Command

Description

Configure local RADIUS

authentication server

local-server nas-ip

ip-address key password

Required
By default, local RADIUS

authentication server is

configured with an NAS IP

address of 127.0.0.1.

Caution:

z

If you adopt the local RADIUS authentication server function, the UDP port number
of the authentication/authorization server must be 1645, the UDP port number of the
accounting server must be 1646, and the IP addresses of the servers must be set to
the addresses of this switch.

z

The message encryption key set by the local-server nas-ip ip-address key
password

command must be identical with the authentication/authorization

message encryption key set by the key authentication command in the RADIUS
scheme view of the RADIUS scheme on the specified NAS that uses this switch as
its authentication server.

z

Acting as local RADIUS authentication server, the switch can provide authentication
service to up to 16 network access servers (NAS) (including the switch itself) at the
same time.

1.4.10 Configuring the Timers of RADIUS Servers

After sending out a RADIUS request (authentication/authorization request or
accounting request) to a RADIUS server, the switch waits for a response from the
server. The maximum time that the switch can wait for the response is called the
response timeout time of RADIUS servers, and the corresponding timer in the switch
system is called the response timeout timer of RADIUS servers. If the switch gets no
answer within the response timeout time, it needs to retransmit the request to ensure
that the user can obtain RADIUS service.
For the primary and secondary servers (authentication/authorization servers, or
accounting servers) in a RADIUS scheme:
When the switch fails to communicate with the primary server due to some server
trouble, the switch will turn to the secondary server and exchange messages with the
secondary server.
After the primary server remains in the block state for a specific time (set by the timer
quiet

command), the switch will try to communicate with the primary server again when

it has a RADIUS request. If it finds that the primary server has recovered, the switch

Advertising
See also other documents in the category H3C Technologies Routers: