Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

411

412

413

414

415

416

417

418

419

420

Configuring RADIUS Server Groups

18-6 Configuring Communication with RADIUS

Configuring RADIUS Server Groups

AservergroupisanamedgroupofuptofourRADIUSservers.BeforeyoucanuseaRADIUS

serverforauthentication,youmustfirstcreateaRADIUSservergroupandaddtheRADIUS

servertothatgroup.Youcanalsoarrangeloadbalancing,sothatauthenticationsarespreadout

among

serversinthegroup.Youmustdeclareallmembersofaservergroup,incontactorder,

whenyoucreatethegroup.

Oncethegroupisconfigured,youcanuseaservergroupnameastheAAAmethodwiththeset

authenticationandsetaccountingcommands.(SeeChapter 3,ConfiguringAAAfor



AdministrativeandLocalAccessandChapter 17,ConfiguringAAAforNetworkUsers.)

Subsequently,youcanchangethemembersofagrouporconfigureloadbalancing.

IfyouaddorremoveaRADIUSserverinaservergroup,alltheRADIUSdeadtimersforthat

servergroupareresettothe 

globaldefault.

Creating Server Groups

Tocreateaservergroup,youmustfirstconfiguretheRADIUSserverswiththeiraddressesand

anyoptionalparameters.AfterconfiguringRADIUSservers,typethefollowingcommand:

set server group group-name members server-name1 [server-name2] [server-name3]

[server-name4]

Example

TocreateaservergroupcalledshorebirdswiththeRADIUSserversheron,egret,andsandpiper,type

thefollowingcommands:

RBT-8100# set radius server egret address 192.168.253.1 key apple

RBT-8100# set radius server heron address 192.168.253.2 key pear

RBT-8100# set radius server sandpiper address 192.168.253.3 key plum

RBT-8100# set server group shorebirds members egret heron sandpiper

Inthisexample,arequesttoshorebirdsresultsintheRADIUSserversbeingcontactedintheorder

thattheyarelistedintheservergroupconfiguration,firstegret,thenheron,thensandpiper.Youcan

changetheRADIUSserversinservergroupsatanytime.(See“AddingMemberstoa

Server

Group”onpage 18‐7.)

Ordering Server Groups

Youcanconfigureuptofourmethodsforau thentication,authorization,andaccounting(AAA).

AAAmethodscanbethelocaldatabaseontheRoamAboutswitchand/oroneormoreRADIUS

servergroups.YousettheorderinwhichtheRoamAboutswitchattemptstheAAAmethodsby

theorderinwhichyouenter

themethodsinCLIcommands.

Inmostcases,ifthefirstmethodresultsinapassorfail,theevaluationisfinal.Ifthefirstmethod

doesnotrespondorresultsinanerror,theRoamAboutswitchtriesthesecondmethodandsoon.

Note: Any RADIUS servers that do not respond are marked dead (unavailable) for a period of time.

The unresponsive server is skipped over, as though it did not exist, during its dead time. Once the

dead time elapses, the server is again a candidate for receiving requests. To change the default

dead-time timer, use the set radius or set radius server command.