
Switch to radius server communication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1260


RADIUS Introduction and Configuration

Software Reference for x310 Series Switches

46.10

AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

Switch to RADIUS Server Communication

The RADIUS host is normally a multiuser system running RADIUS server software from a
software provider. Switch to RADIUS server communication has several components:

Host name or IP address

Authentication destination port

Accounting destination port

Timeout period

Retransmission value

Key string

RADIUS security servers are identified on the basis of their host name or IP address, host
name and specific UDP port numbers, or IP address and specific UDP port numbers. The
combination of the IP address and UDP port number creates a unique identifier, allowing
different ports to be individually defined as RADIUS hosts providing a specific AAA service.
This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a
server at the same IP address.

A RADIUS server and a switch use a shared secret text string to encrypt passwords and
exchange responses. To configure RADIUS using the AAA security commands, you must
specify the host running the RADIUS server daemon and a secret text string that it shares
with the switch, which you can specify using the key parameter in the radius-server host
command.

The timeout, retransmission, and encryption key values are configurable globally for all
RADIUS servers, on a per-server basis, or in some combination of global and per-server
settings. To apply these settings globally to all RADIUS servers communicating with the
switch, use the three global commands: radius-server timeout, radius-server retransmit,
and radius-server key. To apply these values on a specific RADIUS server, use the
radius-server host command.

Note

You can configure both global and per-server timeout, retransmission, and key
value commands simultaneously on the same Network Access Server.

If both global and per-server functions are configured on a switch, the per-server
timer, retransmission, and key value commands override global timer,
retransmission, and key value commands.
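
The override rule and the IP-address-plus-port identifier described above, as an added example that is not part of the manual: a small audit script that reads radius-server configuration lines and reports, for each server entry, the effective key, timeout, and retransmit value and whether each came from the per-server or the global command. The per-server keyword names (auth-port, acct-port, key, timeout, retransmit), the fallback to the standard RADIUS ports 1812 and 1813, and the sample configuration are assumptions made for this example.

```python
# Added example (not from the manual): effective RADIUS settings per server.
# Assumptions: per-server options follow the host as keyword/value pairs;
# keys contain no spaces; unset ports fall back to standard ports 1812/1813.

SAMPLE_CONFIG = """\
radius-server key GlobalSecret
radius-server timeout 5
radius-server retransmit 3
radius-server host 192.0.2.10
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key PerHostSecret timeout 2
radius-server host 192.0.2.20 retransmit 1
"""  # constructed sample; addresses and secrets are placeholders

OVERRIDABLE = ("key", "timeout", "retransmit")
PER_SERVER = OVERRIDABLE + ("auth-port", "acct-port")


def effective_servers(config_text):
    """Map (host, auth_port, acct_port) -> {setting: (value, source)}."""
    global_cfg, hosts = {}, []
    # Pass 1: collect everything, since global commands may follow host lines.
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "radius-server":
            continue
        if words[1] == "host":
            opts = dict(zip(words[3::2], words[4::2]))
            unknown = set(opts) - set(PER_SERVER)
            if unknown or len(words) % 2 == 0:  # bad keyword or missing value
                raise ValueError(f"cannot parse: {line!r}")
            hosts.append((words[2], opts))
        elif words[1] in OVERRIDABLE:
            global_cfg[words[1]] = words[2]
    # Pass 2: per-server values win; otherwise fall back to the global value.
    servers = {}
    for host, opts in hosts:
        ident = (host, int(opts.get("auth-port", 1812)), int(opts.get("acct-port", 1813)))
        entry = {}
        for name in OVERRIDABLE:
            if name in opts:
                value, source = opts[name], "per-server"
            else:
                value = global_cfg.get(name)
                source = "global" if value is not None else "unset"
            if name != "key" and value is not None:
                value = int(value)
            entry[name] = (value, source)
        servers[ident] = entry
    return servers
```

An entry whose key source is "unset" has no shared secret from either the global or the per-server command, and is worth reviewing before the server is used for authentication.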