5.4.2 Notes on using RADIUS servers

(1) Notes on specifying the hostname in RADIUS server settings

If you specify a RADIUS server by its host name, the following issues might occur if, for example, the switch is unable to connect to the DNS server to perform name resolution:

• When executing an operation command:

  • Command execution results are slow to appear.

  • Command output stops midstream, and then resumes following a brief pause.

  • The message Connection failed to 802.1X program. appears during IEEE 802.1X authentication.

  • The message Can't execute. appears during MAC-based or Web authentication.

• When executing a configuration command:

  • It might take some time to save the new configuration or for configuration changes to take effect.

• When an SNMP manager acquires MIB information for IEEE 802.1X:

  • Response times might be slow, or SNMP might time out while waiting for a response.

To avoid these issues, we recommend that you specify the RADIUS server by its IP address in IPv4 or IPv6 format. If you must specify a host name, make sure that the DNS server is available to respond to requests from the switch.

(2) Notes on Loss of Communication with RADIUS Servers in IEEE802.1X

With IEEE 802.1X, if the switch cannot communicate with the RADIUS server, or the RADIUS server specified by the radius-server host configuration command does not exist, each login request takes a long time to process. That is, the duration of a single login attempt will be equivalent to the timeout value specified by the radius-server timeout configuration command multiplied by the number of retries specified by the radius-server retransmit configuration command.

If you use multiple radius-server host configuration commands to specify multiple RADIUS servers, login requests will still take a long time to process when connectivity with the first configured RADIUS server is lost. This is because the terminal will always send requests to hosts in the order you specify them.

If such a situation occurs, halt the login process, and then use the radius-server host configuration command to configure a working RADIUS server. You can then resume the login process.