Specifications
Configuring RADIUS-Snooping
June 03, 2011 Page 6 of 12
Configuring RADIUS-Snooping
ThissectionprovidesdetailsfortheconfigurationofRADIUS‐SnoopingontheEnterasysmodular
switchproducts.
Table 1listsRSparametersandtheirdefaultvalues.
Configuring RADIUS-Snooping on the Distribution-Tier Switch
Procedure 1describeshowtoconfigureRADIUS‐Snoopingonthedistribution‐tierswitch.
Table 1 Default Authentication Parameters
Parameter Description Default Value
authallocated Specifies the maximum number of
allowed RS sessions from all RADIUS
clients, on a per port basis.
8, 128, or 256 depending upon the
system license for this device
drop Specifies traffic drop behavior for this
port.
Disabled
enable/disable Enables or disables RS on the
distribution-tier switch in a system
context or on this port in a port context.
Enables or disables packet drop in a
port context.
Disabled
Global MultiAuth mode Specifies the global MultiAuth mode. Strict
index The numeric ID of a
RADIUS-Snooping flow table entry.
None
MultiAuth port mode Specifies the MultiAuth authentication
mode on a per port basis.
Auth-opt
RADIUS-Snooping
timeout
Specifies the number of seconds that
the firmware waits, from the time it
successfully snoops a RADIUS
request frame, for a RADIUS response
frame from the RADIUS server, before
terminating the session.
20 seconds
secret Specifies the RADIUS secret for this
RADIUS-Snooping flow table entry.
No secret
UDP port/standard Specifies the RADIUS UDP port.
Standard refers to the default value.
1812
Procedure 1 RADIUS-Snooping Configuration
Step Task Command(s)
1. Globally enable MultiAuth for multi mode. set multiauth mode multi
2. Configure each upstream and downstream port
for the auth-opt mode.
set multiauth port mode auth-opt port-string
3. Globally enable RADIUS-Snooping on the
distribution-tier switch.
set radius-snooping enable