2-14z The authentication response sent from the RADIUS server to the RADIUS client carriesauthorization information. Therefore, you need not (and cannot) specify a separate RADIUSauthorization server.z In an actual network environment, you can specify one server as both the primary and secondaryauthentication/authorization servers, as well as specifying two RADIUS servers as the primary andsecondary authentication/authorization servers respectively.z The IP address and port number of the primary authentication server used by the default RADIUSscheme "system" are 127.0.0.1 and 1645.Configuring Ignorance of Assigned RADIUS Authorization AttributesA RADIUS server can be configured to assign multiple authorization attributes, such as authorizationVLAN and idle timeout. Some users may need the attributes but some users may not. Such conflictoccurs if the RADIUS server does not support user-based attribute assignment or it performs uniformeduser management.The RADIUS authorization attribute ignoring function can solve this issue. It is configured as perRADIUS scheme. Users using a RADIUS scheme with this function enabled can ignore certainunexpected attributes.As shown in Figure 2-1, NAS 1 and NAS 2 are connected to the same RADIUS server forauthentication. For easy management, the RADIUS server issues the same authorization attributes toall the users. However, users attached to NAS 1 need these attributes while users attached to NAS 2 donot want to use the assigned Attribute 28, idle-timeout. You can configure the attribute ignoring functionon NAS 2 to ignore Attribute 28.Figure 2-1 Network diagram for the RADIUS authorization attribute ignoring functionHost 1SwitchRADIUS serverHost 2IP networkNAS 1 NAS 2