3Com Switch 8800 Configuration Guide
Chapter 40 AAA and RADIUS/ Protocol Con
figuration
40-15
4 RADIUS servers, or specify one of the two servers as primary
authentication/authorization server and secondary accounting server and the other one
as secondary authentication/authorization server and primary accounting server, or
you may also set 4 groups of exactly same data so that every server serves as a
primary and secondary AAA server.
To guarantee the normal interaction between NAS and RADIUS server, you are
supposed to guarantee the normal routes between RADIUS/ server and
NAS before setting IP address and UDP port of the RADIUS/ server. In
addition, because RADIUS/ protocol uses different UDP ports to
receive/transmit authentication/authorization and accounting packets, you shall set two
different ports accordingly. Suggested by RFC2138/2139, authentication/authorization
port number is 1812 and accounting port number is 1813. However, you may use
values other than the suggested ones. (Especially for some earlier RADIUS/
Servers, authentication/authorization port number is often set to 1645 and accounting
port number is 1646.)
The RADIUS/ service port settings on the Switch 8800 are supposed to be
consistent with the port settings on the RADIUS server. Normally, RADIUS accounting
service port is 1813 and the authentication/authorization service port is 1812.
Note:
For a Switch 8800, the default RADIUS scheme authentication/authorization port is
1645, the accounting port is 1646. And port 1812 and 1813 are for other schemes.
40.3.3 Setting the RADIUS Packet Encryption Key
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the
exchanged packets. The two ends verify the packet through setting the encryption key.
Only when the keys are identical can both ends to accept the packets from each other
end and give response.
You can use the following commands to set the encryption key for RADIUS packets.
Perform the following configuration in RADIUS scheme view.
Table 40-12
Set RADIUS packet encryption key
Operation
Command
Set RADIUS authentication/authorization packet
encryption key
key
authentication
string
Restore the default RADIUS
authentication/authorization packet encryption key
undo key
authentication