Specifications
23-13
Managing Access Server Security
Optional Setup for RADIUS
You can use the commands in the following examples to configure additional
security parameters for RADIUS servers. The commands in these examples define
a RADIUS server accounting node, the maximum timeout period for RADIUS
server reply, and the interval between retries of an authentication request.
• The following command defines a RADIUS server accounting node:
Local> CHANGE RADIUS REALM JONAS.COM ACCOUNTING HOST ip-addr
• This command defines the maximum timeout for RADIUS server reply:
Local> CHANGE RADIUS TIMEOUT seconds
• This command defines how much time elapses before using an alternate
server:
Local> CHANGE RADIUS INTERVAL seconds
Setting the INTERVAL variable defines the time period (in seconds) that the
system is to wait before repeating an authentication request to an alternate
authentication server.
• This command causes the realm name to be included as part of a user name
sent to the RADIUS server:
Local> CHANGE RADIUS REALM JONAS.COM INCLUDE
Realm name inclusion is used for RADIUS proxy authentication service.
Reference
See the Cabletron Network Access Software Command Reference guide for more
information on these commands.
Example: Including the Realm Name
If your realm name has to be included when the access server sends messages to
the RADIUS server, issue the command shown in the following example:
Local> CHANGE RADIUS REALM JONAS.COM INCLUDE
For most usage, you will not want to include the realm name. If you do, each
entry in the RADIUS server’s users file will have to appear as “user-name@realm-
name” instead of simply “user-name”.
If a user has to be called back, this value is derived from User-Service-Type when
specified. If it is not specified, then realm defaults/port defaults can apply: