3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8108fl Redundant Switch Fabric Module

191

192

193

194

195

196

197

198

199

200

186 CHAPTER 23: AAA&RADIUS CONFIGURATION

The user re-authentication upon device restart function is designed to resolve the

above problem. After this function is enabled, every time the switch restarts:

1 The switch generates an Accounting-On packet, which mainly contains the following

information: NAS-ID, NAS-IP address (source IP address), and session ID.

2 The switch sends the Accounting-On packet to CAMS at regular intervals.

3 Once the CAMS receives the Accounting-On packet, it sends a response to the

switch. At the same time it finds and deletes the original online information of the

users who access the network through the switch before the restart according to the

information contained in this packet (NAS-ID, NAS-IP address and session ID), and

ends the accounting of the users based on the last accounting update packet.

4 Once the switch receives the response from the CAMS, it stops sending other

Accounting-On packets.

5 If the switch does not receives any response from the CAMS after the number of the

Accounting-On packets it has sent reaches the configured maximum number, it does

not send any more Accounting-On packets.

The switch can automatically generate the main attributes (NAS-ID, NAS-IP address

and session ID) in the Accounting-On packets. However, you can also manually

configure the NAS-IP address with the nas-ip command. If you choose to manually

configure the attribute, be sure to configure an appropriate and legal IP address. If

this attribute is not configured, the switch will automatically use the IP address of the

VLAN interface as the NAS-IP address.

Displaying

AAA&RADIUS

Information

After the above configurations, you can execute the display commands in any view

to view the operation of AAA and RADIUS and verify your configuration.

You can use the reset command in user view to clear the corresponding statistics.

Table 153 Enable the user re-authentication upon device restart function

Operation Command Description

Enter system view system-view —

Enter RADIUS scheme

view

radius scheme

radius-scheme-name

—

Enable the user

re-authentication upon

device restart function

accounting-on enable [

send times | interval

interval ]

By default, this function is disabled, and

the system can send at most 15

Accounting-On packets consecutively at

intervals of three seconds.

Table 154 Display AAA information

Operation Command

Display the configuration information

about one specific or all ISP domains

display domain [ isp-name ]

Display the information about specified

or all user connections

display connection [ access-type { dot1x |

mac-authentication } | domain isp-name | interface

interface-type interface-number | ip ip-address | mac

mac-address | radius-scheme radius-scheme-name |

vlan vlan-id | ucibindex ucib-index | user-name

user-name ]

Display the information about specified

or all local users

display local-user [ domain isp-name | idle-cut

{ disable | enable } | vlan vlan-id | service-type { ftp |

lan-access | ssh | telnet | terminal } | state { active |

block } | user-name user-name ]