323
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring Communication with RADIUS
Note:
You must provide RADIUS servers with names that are unique. To prevent confusion,
D-Link recommends that RADIUS server names differ in ways other than case. For example,
avoid naming two servers
RS1
and
rs1
.
You can configure additional parameters with
set radius server
, such as the UDP ports used
for AAA services and the timeout period. You must configure RADIUS servers into server
groups before you can access them.
Deleting RADIUS Servers
To remove a RADIUS server from the configuration, use the following command:
clear radius server
server-name
Configuring RADIUS Server Groups
A server group is a named group of up to four RADIUS servers. Before you can use a RADIUS
server for authentication, you must first create a RADIUS server group and add the RADIUS
server to that group. You can also arrange load balancing, so that authentications are spread
out among servers in the group. You must declare
all
members of a server group, in contact
order, when you create the group.
Once the group is configured, you can use a server group name as the AAA method with the
set authentication
and
set accounting
commands.
Subsequently, you can change the members of a group or configure load balancing. If you
add or remove a RADIUS server in a server group, all the RADIUS dead timers for that server
group are reset to the global default.
Creating Server Groups
To create a server group, you must first configure the RADIUS servers with their addresses and
any optional parameters. After configuring RADIUS servers, type the following command:
set server group
group-name
members
server-name1
[
server-name2
] [
server-name3
]
[
server-name4
]
For example, to create a server group called
shorebirds
with the RADIUS servers
heron,
egret
, and
sandpiper
, type the following commands:
DWS-1008#
set radius server egret address 192.168.253.1 key apple
DWS-1008#
set radius server heron address 192.168.253.2 key pear
DWS-1008#
set radius server sandpiper address 192.168.253.3 key plum
DWS-1008#
set server group shorebirds members egret heron sandpiper
In this example, a request to
shorebirds
results in the RADIUS servers being contacted in
the order that they are listed in the server group configuration, first
egret
, then
heron
, then
sandpiper
. You can change the RADIUS servers in server groups at any time.