Radius configuration example, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 447

38-12

Item

Description

EAP Offload Function

Enable or disable the EAP offload function.

Some RADIUS servers do not support EAP authentication, that is, do not
support processing EAP packets. In this case, it is necessary to
preprocess EAP packets sent from clients on the access device. The
preprocessing of EAP packets is referred to as EAP offload for RADIUS.

After receiving an EAP packet, the access device enabled with the EAP
offload function will first convert the authentication information in the EAP
packet into the corresponding RADIUS attributes through the local EAP
server, and then encapsulate the EAP packet into a RADIUS request and
send the request to the RADIUS server for authentication. When the
RADIUS server receives the request, it will analyze the carried
authentication information, encapsulate the authentication result in a
RADIUS packet, and then send the packet to the local EAP server on the
access device for subsequent interaction with the client.

Because the EAP packet preprocessing is implemented through the local
EAP authentication server, it is required to configure the local EAP
authentication server on the access device and specify the EAP
authentication method as PEAP-MSCHAPv2. Refer to

Local EAP

Service

Table 38-6 Relationship between the real-time accounting interval and the number of users

Number of users

Real-time accounting interval (in minutes)

1 to 99

100 to 499

500 to 999

ú1000

ú15

Return to

RADIUS configuration task list