What should be noticed when the device connects to a Symantec RADIUS server

20

The Symantec RADIUS server can only be used as an authentication server, but cannot be used as an authorization or accounting server. When the device connects to a Symantec RADIUS server, ensure that the RADIUS server is not configured as an authorization or accounting server.
When the Symantec RADIUS server performs 802.1x authentication for users, perform the following configurations on the device:
Run the undo dot1x handshake command to disable handshake between the device and 802.1x online users.
Run the dot1x authentication-method eap command to configure EAP relay authentication for 802.1x users.

Other related questions:
What should be noticed when S series switches connect to Symantec RADIUS servers
When connecting an S series switch (except the S1700 switch) to a Symantec RADIUS server, take the following precautions: �?The Symantec RADIUS server can only be used as an authentication server, but cannot be used as an authorization or accounting server. Ensure that the RADIUS server is not configured as an authorization or accounting server. �?When the Symantec RADIUS server performs 802.1x authentication for users, perform the following configurations on the switch. a. Run the undo dot1x handshake command to disable handshake between the switch and 802.1x online users. b. Run the dot1x authentication-method eap command to configure EAP relay authentication for 802.1x users.

What should be noticed when the device connects to a Leagsoft RADIUS server
When the NAS-IP of the RADIUS client (device) is configured on the Leagsoft RADIUS server, the MAC address of the device also needs to be configured.

What should be noticed when the device connects to a Ruijie RADIUS server
If you want to view the MAC addresses or IP addresses of online users on a Ruijie RADIUS server, set the device type to H3C or Digital China on the RADIUS server.

What should be noticed when the device connects to an H3C iMC RADIUS server
When the device connects to an H3C iMC RADIUS server to perform authentication, authorization, or accounting for 802.1x users, configure security check policies (for example, check whether the 802.1x client has two network cards and whether the 802.1x client version is correct) on the RADIUS server to improve security. In addition, perform the following operations on the device: 1. Configure RADIUS accounting. 2. Run the dot1x authentication-method eap command to configure EAP relay authentication for 802.1x users. 3. Run the dot1x eap-notify-packet eap-code 10 data-type 25 command to configure the device to return the EAP packets with type value of 10 and data type of 25 to the RADIUS server. 4. Run the radius-attribute translate HW-Up-Priority HW-User-Information receive command to convert the HW-Up-Priority attribute in the received RADIUS packets into HW-User-Information. 5. If the RADIUS server needs to dynamically authorize AAA users, the attributes delivered by security check policy may be different from the attributes delivered by dynamic authorization. Therefore, run the authorization-modify mode modify command to set the update mode for user authorization information delivered by the RADIUS server to Modify. After the command is executed, the attributes delivered by dynamic authorization will not overwrite the attributes delivered by security check policy.

What should be noticed when S series switches connect to Leagsoft RADIUS servers
When the NAS-IP of a RADIUS client (an S series switch) is configured on a Leagsoft RADIUS server, the MAC address of the switch also needs to be configured.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top