324
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring Communication with RADIUS
Note:
Any RADIUS servers that do not respond are marked
dead
(unavailable) for a period
of time. The unresponsive server is skipped over, as though it did not exist, during its dead
time. Once the dead time elapses, the server is again a candidate for receiving requests. To
change the default dead-time timer, use the
set radius
or
set radius server
command.
Ordering Server Groups
You can configure up to four methods for authentication, authorization, and accounting (AAA).
AAA methods can be the local database on the switch and/or one or more RADIUS server
groups. You set the order in which the switch attempts the AAA methods by the order in which
you enter the methods in CLI commands.
In most cases, if the first method results in a pass or fail, the evaluation is final. If the first
method does not respond or results in an error, the switch tries the second method and so
on.
However, if the local database is the first method in the list, followed by a RADIUS server
group, the switch responds to a failed search of the database by sending a request to the
following RADIUS server group. This exception is called local override.
Configuring Load Balancing
You can configure the switch to distribute authentication requests across RADIUS servers in
a server group, which is called load balancing. Distributing the authentication process across
multiple RADIUS servers significantly reduces the load on individual servers while increasing
resiliency on a systemwide basis.
When you configure load balancing, the first client’s RADIUS requests are directed to the first
server in the group, the second client’s RADIUS requests are directed to the second server in
the group, and so on. When the last server in the group is reached, the cycle is repeated.
Note:
MSS attempts to send accounting records to one RADIUS server, even if load balancing
is configured.
To configure load balancing, use the following command:
set server group
group-name
load-balance enable
For example, to configure RADIUS servers
pelican
and
seagull
as the server group
swampbirds
with load balancing:
1.
Configure the members of a server group by typing the following command:
DWS-1008#
set server group swampbirds members pelican seagull
success: change accepted.
2.
Enable load balancing by typing the following command:
DWS-1008#
set server group swampbirds load-balance enable
success: change accepted.