set radius-snooping port

Use this command to enable RS on all or the specified port(s).

Syntax

set radius-snooping port [enable | disable] [timeout seconds] [drop {enable | disable}] [authallocated number] [port-string]

Parameters

enable | disable (Optional) Enables or disables RS functionality on the specified port(s). Disabled by default.
timeout seconds (Optional) Specifies the number of seconds the firmware waits for a RADIUS response frame after it successfully snoops a RADIUS request frame. The timeout timer defaults to 0 seconds (unset). When 0 seconds is configured, the firmware uses the system level timeout value.
drop {enable | disable} (Optional) Sets the RADIUS traffic drop behavior for this port. Disabled by default (S-, K-Series).
authallocated number (Optional) Sets the number of RS sessions allowed on a per port basis. Default value is 8 on the 7100-Series. On the S- and K-Series the default value is 8, 128, or 256 depending upon the system license for this device.
port-string (Optional) Enables RS for the specified port(s).

Defaults

If no timeout value is specified, the global timeout value specified in the set radius-snooping timeout command is used.

If no parameters are specified, RADIUS snooping is enabled on all ports.

Mode

All command modes.

Usage

If the timeout timer expires, the affected session is terminated. If timeout is set to 0, the global timeout is used.

Set the authallocated value equal to or less than the configured value for set multiauth port numusers. This value is the maximum number of users per port for all authentication clients.

In some cases, on the S- and K-Series, it may be necessary to drop RADIUS traffic in order to maintain session consistency between the distribution tier device and the edge switches. Packets are always dropped for a resource issue situation. With drop enabled, frames with an invalid calling station ID are also dropped.

Example

This example enables RS on ports ge.1.10 through ge.1.15, sets the timeout to 15 seconds and enables drop:

System(rw)->set radius-snooping enable timeout 15 drop enable ge.1.10-15