Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

411

412

413

414

415

416

417

418

419

420

Configuring RADIUS Servers

RoamAbout Mobility System Software Configuration Guide 18-3

Configuring RADIUS Servers

Anauthenticationserverauthenticateseachclientwithaccesstoaswitchportbeforemaking

availableanyservicesofferedbytheswitchorthewirelessnetwork.Theauthenticationservercan

resideeitherinthelocaldatabaseontheRoamA boutswitchoronaremoteRADIUSserver.

WhenaRADIUSserverisused

forauthentication,youmustconfigureRADIUSserver

parameters.ForeachRADIUSserver,youmust,ataminimum,settheservername,thepassword

(key),andtheIPaddress.Youcanincludeanyoralloftheotheroptionalparameters.Youcanset

someparametersgloballyfortheRADIUSservers.

ForRADIUS

serversthatdonotexplicitlysettheirowndeadtimeandtimeouttimersand

transmissionattempts,MSSsetsthefollowingvaluesbydefault:

•Deadtime—0(zero)minutes(TheRoamAboutswitchdoesnotdesignateunresponsive

RADIUSserversasunavailable.)

• Transmissionattempts—3

•Timeout(RoamAboutswitchwaitforaserverresponse)—5 seconds

WhenMSSsendsanauthentication

orauthorizationrequesttoaRADIUSserver,MSSwaitsfor

theamountoftheRADIUStimeoutfortheservertorespond.Iftheserverdoesnotre spond,MSS

retransmitstherequest.MSSsend stherequestuptothenumberofretransmitsconfigured.(The

retransmitsettingspecifiesthetotalnumberof

attempts,includingthefirstattempt.)Forexample,

usingthedefaultvalues,MSSsendsarequesttoaserveruptothreetimes,waiting5seconds

betweenrequests.

Ifaserverdoesnotrespondbeforethelastrequestattempttimesout,MSSholdsdownfurther

requeststotheserver,fortheduration

ofthedeadtime.Forexample,ifyousetthedeadtimeto5

minutes,MSSstopssendingrequeststotheunresponsiveserverfor5minutesbeforereattempting

tousetheserver.

Duringtheholddown,itisasifthedeadRADIUSserverdoesnotexist.MSSskipsoveranydead

RADIUSserverstothenextliveserver,orontothenextmethodifnomoreliveserversare

available,dependingonyourconfiguration.Forexample,ifaRADIUSservergroupistheprimary

authenticationmethodandlocalisthesecondarymethod,MSSfailsovertothelocalmethodifall



RADIUSserversintheservergroupareunresponsiveandhaveenteredthedeadtime.

Forfailoverauthenticationorauthorizationtoworkpromptly,EnterasysNetworksrecommends

thatyouchangethedeadtimetoavalueotherthan0.Withthedefaultsetting,thedeadtimeis

neverinvokedandMSSdoesnot

holddownrequeststounresponsiveRADIUSservers.Instead,

MSSattemptstosendeachnewauthenticationorauthorizationrequesttoaserverevenifthe

serveristhoughttobeunresponsive.Thisbehaviorcancauseauthenticationorauthorization

failuresonclientsbecauseMSSdoesnotfailovertothelocalmethod

soonenoughandtheclients

eventuallytimeout.