Use this command to enable RS on all or the specified port(s).
| enable | disable | (Optional) Enables or disables RS functionality on the specified port(s). Disabled by default. |
| timeout seconds | (Optional) Specifies the number of seconds the firmware waits for a RADIUS response frame after it successfully snoops a RADIUS request frame. The timeout timer defaults to 0 seconds (unset). When 0 seconds is configured, the firmware uses the system level timeout value. |
| drop {enable | disable} | (Optional) Sets the RADIUS traffic drop behavior for this port. Disabled by default (S-, K-Series). |
| authallocated number | (Optional) Sets the number of RS sessions allowed on a per port basis. Default value is 8 on the 7100-Series. On the S- and K-Series the default value is 8, 128, or 256 depending upon the system license for this device. |
| port-string | (Optional) Enables RS for the specified port(s). |
If no timeout value is specified, the global timeout value specified in the set radius-snooping timeout command is used.
If no parameters are specified, RADIUS snooping is enabled on all ports.
All command modes.
If the timeout timer expires, the affected session is terminated. If timeout is set to 0, the global timeout is used.
Set the authallocated value equal to or less than the configured value for set multiauth port numusers. This value is the maximum number of users per port for all authentication clients.
In some cases, on the S- and K-Series, it may be necessary to drop RADIUS traffic in order to maintain session consistency between the distribution tier device and the edge switches. Packets are always dropped for a resource issue situation. With drop enabled, frames with an invalid calling station ID are also dropped.
This example enables RS on ports ge.1.10 through ge.1.15, sets the timeout to 15 seconds and enables drop:
System(rw)->set radius-snooping enable timeout 15 drop enable ge.1.10-15
Print
this page
Email this topic
Feedback
View PDF
Download EPUB