Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

281

282

283

284

285

286

287

288

289

290

RADIUS-Snooping Configuration Example

June 03, 2011 Page 9 of 12

WefirstsettheglobalMultiAuthmodetomultionthedistribution‐tierswitch.Wethensetthe

MultiAuthauthenticationmodetoauth‐optfortheupstream(ge.1.5‐10)anddow n stream

(ge.1.15‐24)ports.

WiththeMultiAuthsettingsconfigured,weenableRADIUS‐Snoopingatthesystemlevelforthe

distribution‐

tierswitch.WethenenableRADIUS‐Snoopingonthetwosetsofportsoverwhichall

RADIUS‐Snoopingrequestandresponseframeswilltransit.Inthesamecommandlinewe:

•Settheporttimeouttothesystemtimeoutvalue(0)

•Enabledroponallports

•SetthemaximumnumberofRS

sessionsperportto256

WethenconfigurethetwoflowsasspecifiedaboveforUDPport1812andasecretofmysecret.

Wecompletetheconfigurationbychangingthetimeoutvalueatthesystemlevelto15seconds

fromadefaultof20seconds.

Configure the Distribution-tier Switch

SettheMultiAuthmodeforthesystem

System(su)->set multiauth mode multi

SettheMultiAuthauthenticationmodeforeachport

System(su)->set multiauth port mode auth-opt ge.1.5-10,15-24

EnableRSonthissystem:

System(su)->set radius-snooping enable

EnableRSandsetconfigurationforportsonthissystem

System(su)->set radius-snooping port enable drop enabled authallocated 256

ge.1.5-10

System(su)->set radius-snooping port enable drop enabled authallocated 256

ge.1.15-24

ConfigureRSflowtableentries

System(su)->set radius-snooping flow 1 10.10.10.10 50.50.50.50 1812 mysecret

System(su)->set radius-snooping flow 2 10.10.10.20 50.50.50.60 1812 mysecret

ConfigureRStimeoutforthissystem

System(su)->set radius-snooping timeout 15

Managing RADIUS-Snooping on the Distribution-tier Switch

Terminateanactivesessiononportge.1.15:

System(su)->set radius-snooping initialize port ge.1.15

ResetallRSconfigurationtoitsdefaultvalue:

System

(su)->clear radius-snooping all

Clearentryindex2fromtheRSflowtable:

System

(su)->clear radius-snooping flow 2