Operation Manual – AAA-RADIUS-HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA/RADIUS/HWTACACS Configuration
To do…: Specify the unit for data flows or packets to be sent to a RADIUS server
Use the command…: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }*
Remarks: Optional. The defaults are as follows: byte for data flows, and one-packet for data packets.

To do…: Set the source IP address of the device to send RADIUS packets
Use the command…:
  In RADIUS scheme view: nas-ip ip-address, then quit
  In system view: radius nas-ip ip-address
Remarks: Use either command. By default, the outbound port serves as the source IP address to send RADIUS packets.
Note:
• Some earlier RADIUS servers cannot recognize usernames that contain an ISP domain name. Before sending a username that includes a domain name to such a RADIUS server, the device must therefore remove the domain name. This command lets you decide whether to include a domain name in a username sent to a RADIUS server.
• If a RADIUS scheme specifies that the username is sent without the ISP domain name, do not apply the RADIUS scheme to more than one ISP domain. Otherwise the RADIUS server may regard two users in different ISP domains but with the same userid as one user.
• The nas-ip command in RADIUS scheme view applies only to the current RADIUS scheme, while the radius nas-ip command in system view applies to all RADIUS schemes. However, the nas-ip command in RADIUS scheme view overrides the configuration of the radius nas-ip command.
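The second note above can be checked mechanically. The following Python script is an added example, not part of the H3C manual: it scans a configuration and reports every RADIUS scheme that sends usernames without the ISP domain name yet is referenced by more than one ISP domain. The sample configuration is constructed, and the block layout and the `user-name-format without-domain` and `radius-scheme <name>` line syntax it matches are assumptions to adapt to your software version.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the manual). The block layout and
# the user-name-format / radius-scheme lines are assumed Comware-style syntax.
SAMPLE_CONFIG = """\
radius scheme rs-legacy
 primary authentication 192.0.2.10
 user-name-format without-domain
radius scheme rs-modern
 primary authentication 192.0.2.20
 user-name-format with-domain
domain isp-a
 authentication default radius-scheme rs-legacy
domain isp-b
 authentication default radius-scheme rs-legacy
 accounting default radius-scheme rs-legacy
domain isp-c
 authentication default radius-scheme rs-modern
"""

def audit_domain_stripping(config_text):
    """Return {scheme: sorted domains} for every scheme that strips the ISP
    domain from usernames and is referenced by more than one ISP domain."""
    stripping = set()              # schemes with an explicit without-domain line
    users = defaultdict(set)       # scheme -> ISP domains that reference it
    block_kind = block_name = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():   # an unindented line opens a new block
            m = re.fullmatch(r"(radius scheme|domain)\s+(\S+)", line)
            block_kind, block_name = (m.group(1), m.group(2)) if m else (None, None)
            continue
        if block_kind == "radius scheme" and line == "user-name-format without-domain":
            stripping.add(block_name)
        elif block_kind == "domain":
            m = re.search(r"\bradius-scheme\s+(\S+)", line)
            if m:                  # authentication, authorization or accounting
                users[m.group(1)].add(block_name)
    return {s: sorted(d) for s, d in users.items()
            if s in stripping and len(d) > 1}

if __name__ == "__main__":
    for scheme, domains in audit_domain_stripping(SAMPLE_CONFIG).items():
        print(f"{scheme}: username sent without domain, shared by {domains}")
```

On the sample, only rs-legacy is reported, because isp-a and isp-b both use it while it strips the domain name.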
1.4.9 Setting Timers Regarding RADIUS Servers
There are three timers regarding RADIUS servers:
• RADIUS server response timeout (response-timeout): If a NAS receives no response from the RADIUS server in a period of time after sending a RADIUS request (authentication/authorization or accounting request), it has to resend the request so that the user has more opportunity to obtain the RADIUS service. The NAS uses the RADIUS server response timeout timer to control the transmission interval.
• Primary server quiet timer (timer quiet): If the primary server is not reachable, its state changes to blocked, and the device will communicate with the secondary