3Com Router User Manual
Page 541
Configuring AAA and RADIUS 537
The pool-number ranges from 0 to 99. Addresses in each address pool must be consecutive, and each address pool can have at most 256 addresses.
Assigning an IP Address for a PPP User
For a user accessing the Internet through remote PPP dialing, the system either specifies an address or allocates an unoccupied address selected from a local address pool to the user. Perform the following configurations in interface view.
Table 605 Assign IP Address for PPP User By...
Page 542
538 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
The Callback technique enhances security. In the processing of a Callback, the server calls the client according to the call number configured locally. This avoids security risks caused by leakage of user name or password. The server can also classify call-in requests according to its configuration as refuse call, accept call (no call back) or accept callback. This serves to exert different limitations upon different clients and take initiative in...
Page 543
Table 609 Configure FTP User and the Usable Directory
Authorize a User with Usable Service Types
The services, which can be used by a user, are authorized in the local database. Presently there are five service types, which are listed as follows:
■ exec refers to operations that include logging in to the router and configuring it via Telnet or other means (such as Console port, AUX port, X25PAD call, etc).
■ exec-administrator: Authorized “administrator” user can use...
Page 544
■ When the RADIUS server used first does not respond, the succeeding servers are used in sequence. When the authentication or accounting port number is configured to 0, the client does not use the authentication or accounting function provided by the server.
Table 611 Configure IP Address, Authentication Port Number and Accounting Port Number
The default authentication port number is 1812. When configured as 0, this server is not used as an...
Page 545
Configure the Request Retransmission Times
If the RADIUS server fails to respond, the router sends the authentication request packet again periodically. If no RADIUS server response is received after the configured value of timeout, the authentication request packet needs to be transmitted again. The user can set the maximum number of times for the request retransmission; when the number of request retransmissions exceeds it, the system will consider the server fails to...
Page 546
By default, the real-time accounting packet is sent to the RADIUS server at an interval of 0 minutes, indicating that real-time accounting is disabled. The interval ranges from 0 to 32767 minutes.
Displaying and Debugging AAA and RADIUS
Use the debugging and display commands in all modes.
Table 617 Display and debug AAA and RADIUS
AAA and RADIUS Configuration Examples
This section provides examples of using AAA and RADIUS within a network, with...
Page 547
AAA and RADIUS Configuration Examples 543
Figure 169 Networking diagram of typical AAA and RADIUS configuration
1 Enable AAA and configure default authentication method list of PPP user.
[Router]aaa-enable
[Router]aaa authentication-scheme ppp default radius
2 Configure IP address and port of RADIUS server.
[Router]radius server 129.7.66.66
[Router]radius server 129.7.66.67
3 Configure RADIUS server shared secret, retransmission times, and accounting option
[Router] radius shared-key...
Page 548
3 Configure RADIUS server
[Router] radius server 129.7.66.66 authentication-port 1000 accounting-port 1001
[Router] radius server 129.7.66.67
4 Configure RADIUS server shared secret, retransmission times, and time length of timeout timer
[Router] radius shared-key this-is-my-secret
[Router] radius retry 2
5 Configure real-time accounting with interval of 5 minutes
[Router] radius timer realtime-accounting 5
Authenticating an FTP User
The authentication...
Page 549
Troubleshooting AAA and RADIUS 545
unavailable. Moreover, because the radius timer quiet command has not been configured (it defaults to 5 minutes), or a relatively long dead-time has been configured, the system does not know that the server has recovered. Use the undo radius server command to delete the original RADIUS server, and reconfigure it with the radius server command to activate the server immediately.
5 If none of the above operations work, check whether the RADIUS server has been configured correctly, and...