Service Manual

CONFIGURATION mode
radius-server deadtime seconds
seconds: the range is from 0 to 2147483647. The default is 0 seconds.
Configure a key for all RADIUS communications between the system and RADIUS server hosts.
CONFIGURATION mode
radius-server key [encryption-type] key
encryption-type: enter 7 to encrypt the password. Enter 0 to keep the password as plain text.
key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.
Configure the number of times Dell EMC Networking OS retransmits RADIUS requests.
CONFIGURATION mode
radius-server retransmit retries
retries: the range is from 0 to 100. Default is 3 retries.
Configure the time interval the system waits for a RADIUS server host response.
CONFIGURATION mode
radius-server timeout seconds
seconds: the range is from 0 to 1000. Default is 5 seconds.
To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC
Privilege mode.
Monitoring RADIUS
To view information on RADIUS transactions, use the following command.
View RADIUS transactions to troubleshoot problems.
EXEC Privilege mode
debug radius
Support for Change of Authorization and Disconnect Messages packets
The Network Access Server (NAS) uses RADIUS to authenticate AAA or dot1x user-access to the switch. The RADIUS service
does not support unsolicited messages sent from the RADIUS server to the NAS.
However, there are many instances in which it is desirable for changes to be made to session characteristics, without requiring
the NAS to initiate the exchange. For example, it may be desirable for administrators to be able to terminate user sessions in
progress.
Alternatively, if the user changes authorization level, this change may require that authorization attributes be added or deleted
from the user sessions.
To overcome these limitations, Dell EMC Networking OS provides RADIUS extension commands that enable unsolicited
messages to be sent to the NAS. These extension commands provide support for Disconnect Messages (DMs) and
Change-of-Authorization (CoA) packets. DMs cause user sessions to be terminated immediately, whereas CoA packets
modify session authorization attributes such as VLAN IDs, user privileges, and so on.
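The following added example (not part of this manual and not Dell EMC Networking OS code) shows how a NAS can authenticate an unsolicited CoA or Disconnect request with the RADIUS shared key before acting on it. The packet codes and the MD5 authenticator calculation are taken from RFC 5176, which this page does not cite; the function names, shared secret, and User-Name attribute are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Packet codes from RFC 5176 (assumption: not listed on this page).
REQUESTS = {40: "Disconnect-Request", 43: "CoA-Request"}
ACK_FOR = {40: 41, 43: 44}  # Disconnect-ACK, CoA-ACK
ZERO_AUTH = b"\x00" * 16


def authenticator(code, ident, length, auth_field, attrs, secret):
    """MD5 over header, 16-octet authenticator field, attributes, secret."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + auth_field + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """DAC side; used here only to construct sample input."""
    length = 20 + len(attrs)
    auth = authenticator(code, ident, length, ZERO_AUTH, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs


def handle_request(packet, secret):
    """NAS side: return (verdict, reply); reply is None for a silent drop."""
    if len(packet) < 20:
        return "drop: short packet", None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in REQUESTS or not 20 <= length <= len(packet):
        return "drop: bad code or length", None
    auth, attrs = packet[4:20], packet[20:length]
    expected = authenticator(code, ident, length, ZERO_AUTH, attrs, secret)
    if not hmac.compare_digest(auth, expected):
        return "drop: bad authenticator", None
    # Assumes the state change succeeded, so the reply is an ACK whose
    # authenticator is bound to this request's authenticator.
    ack = ACK_FOR[code]
    reply_auth = authenticator(ack, ident, 20, auth, b"", secret)
    return "accept: " + REQUESTS[code], struct.pack("!BBH", ack, ident, 20) + reply_auth


if __name__ == "__main__":
    secret = b"constructed-secret"   # constructed sample value
    attrs = b"\x01\x07alice"         # constructed User-Name attribute
    request = build_request(43, 7, attrs, secret)
    print(handle_request(request, secret)[0])
    print(handle_request(request[:-1] + b"X", secret)[0])
```

A request that fails the authenticator check is dropped without a reply, so a sender that does not hold the key configured with radius-server key cannot terminate or modify sessions.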
Change of Authorization (CoA) packets
Using the CoA packets, the NAS can handle authorization of dot1x sessions by processing the following requests from the
Dynamic Authorization Client (DAC): Re-authentication of the supplicant, Port disable, and Port bounce.
The CoA packets consist of one message request (CoA request) and one of the following two possible responses:
Change of Authorization Acknowledgement (CoA-Ack) - If the authorization state change is successful, the NAS sends a
CoA-Ack.