260
C
HAPTER
21: AAA C
ONFIGURATION
the switch can provide authentication service to up to 16 network access
servers (including the switch itself) at the same time.
■
When acting as the local RADIUS authentication server, the switch does not
support EAP authentication.
Configuring Timers for
RADIUS Servers
After sending out a RADIUS request (authentication/authorization request or
accounting request) to a RADIUS server, the switch waits for a response from the
server. The maximum time that the switch can wait for the response is called the
response timeout time of RADIUS servers, and the corresponding timer in the
switch system is called the response timeout timer of RADIUS servers. If the switch
gets no answer within the response timeout time, it needs to retransmit the
request to ensure that the user can obtain RADIUS service.
For the primary and secondary servers (authentication/authorization servers, or
accounting servers) in a RADIUS scheme:
When the switch fails to communicate with the primary server due to some server
trouble, the switch will turn to the secondary server and exchange messages with
the secondary server.
After the primary server remains in the
block
state for a specific time (set by the
timer quiet
command), the switch will try to communicate with the primary
server again when it has a RADIUS request. If it finds that the primary server has
recovered, the switch immediately restores the communication with the primary
server instead of communicating with the secondary server, and at the same time
restores the status of the primary server to
active
while keeping the status of the
secondary server unchanged.
To control the interval at which users are charged in real time, you can set the
real-time accounting interval. After the setting, the switch periodically sends
online users’ accounting information to RADIUS server at the set interval.
Table 199
Set timers for RADIUS servers
Operation
Command
Remarks
Enter system view
system-view
-
Create a RADIUS scheme and
enter its view
radius scheme
radius-scheme-name
Required
By default, a RADIUS scheme
named "system" has already
been created in the system.
Set the response timeout time
of RADIUS servers
timer response-timeout
seconds
Optional
By default, the response
timeout time of RADIUS
servers is three seconds.
Set the time that the switch
waits before it try to
re-communicate with primary
server and restore the status
of the primary server to active
timer quiet
minutes
Optional
By default, the switch waits
five minutes before it restores
the status of the primary
server to active.
Set the real-time accounting
interval
timer realtime-accounting
minutes
Optional
By default, the real-time
accounting interval is 12
minutes.
Содержание Switch 4210 9-Port
Страница 10: ...Password Control Configuration 556 Displaying Password Control 563 Password Control Configuration Example 564 ...
Страница 22: ...20 CHAPTER 1 CLI CONFIGURATION ...
Страница 74: ...72 CHAPTER 3 CONFIGURATION FILE MANAGEMENT ...
Страница 84: ...82 CHAPTER 5 VLAN CONFIGURATION ...
Страница 96: ...94 CHAPTER 8 IP PERFORMANCE CONFIGURATION ...
Страница 108: ...106 CHAPTER 9 PORT BASIC CONFIGURATION ...
Страница 122: ...120 CHAPTER 11 PORT ISOLATION CONFIGURATION ...
Страница 140: ...138 CHAPTER 13 MAC ADDRESS TABLE MANAGEMENT ...
Страница 234: ...232 CHAPTER 17 802 1X CONFIGURATION ...
Страница 246: ...244 CHAPTER 20 AAA OVERVIEW ...
Страница 270: ...268 CHAPTER 21 AAA CONFIGURATION ...
Страница 292: ...290 CHAPTER 26 DHCP BOOTP CLIENT CONFIGURATION ...
Страница 318: ...316 CHAPTER 29 MIRRORING CONFIGURATION ...
Страница 340: ...338 CHAPTER 30 CLUSTER ...
Страница 362: ...360 CHAPTER 33 SNMP CONFIGURATION ...
Страница 368: ...366 CHAPTER 34 RMON CONFIGURATION ...
Страница 450: ...448 CHAPTER 39 TFTP CONFIGURATION ...
Страница 451: ......
Страница 452: ...450 CHAPTER 39 TFTP CONFIGURATION ...
Страница 470: ...468 CHAPTER 40 INFORMATION CENTER ...
Страница 496: ...494 CHAPTER 44 DEVICE MANAGEMENT ...