DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring Communication with RADIUS
RADIUS Overview
Remote Authentication Dial-In User Service (RADIUS) is a distributed client-server system.
RADIUS servers provide a repository for all usernames and passwords, and can manage
and store large groups of users.
RADIUS servers store user profiles, which include usernames, passwords, and other AAA
attributes. You can use authorization attributes to authorize users for a type of service, for
appropriate servers and network segments through VLAN assignments, for packet filtering
by access control lists (ACLs), and for other services during a session. You must include
RADIUS servers in a server group before you can access them.
Before You Begin
To ensure that you can contact the RADIUS servers you plan to use for authentication, send
the ping command to each one to verify connectivity.
ping ip-address
You can then set up communication between the switch and each RADIUS server group.
Configuring RADIUS Servers
An authentication server authenticates each client with access to a switch port before making
available any services offered by the switch or the wireless network. The authentication server
can reside either in the local database on the switch or on a remote RADIUS server.
When a RADIUS server is used for authentication, you must configure RADIUS server
parameters. For each RADIUS server, you must, at a minimum, set the server name, the
password (key), and the IP address. You can include any or all of the other optional parameters.
You can set some parameters globally for the RADIUS servers.
For RADIUS servers that do not explicitly set their own dead time and timeout timers and
transmission attempts, MSS sets the following values by default:
• Dead time - 0 (zero) minutes (The switch does not designate unresponsive RADIUS
servers as unavailable.)
• Transmission attempts - 3
• Timeout (wait for a server response) - 5 seconds
When MSS sends an authentication or authorization request to a RADIUS server, MSS waits
for the amount of the RADIUS timeout for the server to respond. If the server does not
respond, MSS retransmits the request. MSS sends the request up to the number of retransmits
configured. (The retransmit setting specifies the total number of attempts, including the first
attempt.) For example, using the default values, MSS sends a request to a server up to three
times, waiting 5 seconds between requests.
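Ping confirms only IP reachability, not that the RADIUS service answers or that the key matches. The following Python example, added here and not part of the D-Link manual or of MSS, sends one RADIUS Access-Request (RFC 2865) with the timeout and total-attempts semantics described above and accepts a reply only if its Response Authenticator verifies against the shared key. The server address, UDP port 1812, key, and account are constructed placeholders; substitute the values configured for your server.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_access_request(ident, user, password, secret, request_auth):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    hidden = hide_password(password, secret, request_auth)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def reply_is_authentic(reply, ident, request_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    if struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    digest = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(server, secret, user, password, timeout=5.0, attempts=3):
    """Return (attempts_used, reply_code); reply_code is None if no valid reply."""
    ident, request_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(ident, user, password, secret, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for attempt in range(1, attempts + 1):  # total attempts, first included
            sock.sendto(packet, server)
            try:
                reply, _ = sock.recvfrom(4096)
            except socket.timeout:
                continue  # no answer within the timeout: retransmit
            if reply_is_authentic(reply, ident, request_auth, secret):
                return attempt, reply[0]
    return attempts, None

if __name__ == "__main__":
    # Constructed placeholders: TEST-NET address, made-up key and account.
    used, code = probe(("192.0.2.10", 1812), b"example-key", b"probe-user", b"probe-pass")
    print({2: "Access-Accept", 3: "Access-Reject", None: "no valid reply"}.get(code, code), used)
```

If a server answers ping but the probe ends with no valid reply, check the key, the UDP port, and whether the server lists the probing host as a RADIUS client.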