HP 5120 EI Switch Series Configuration Manual page 32

NOTE:

If both the primary and secondary authentication/authorization servers are specified, the secondary one is used
when the primary one is not reachable.

If redundancy is not required, specify only the primary RADIUS authentication/authorization server.

In practice, you may specify one RADIUS server as the primary authentication/authorization server, and up to
16 RADIUS servers as the secondary authentication/authorization servers, or specify a server as the primary
authentication/authorization server for a scheme and as the secondary authentication/authorization servers for
another scheme at the same time.

The IP addresses of the primary and secondary authentication/authorization servers for a scheme must be
different from each other. Otherwise, the configuration will fail.

All servers for authentication/authorization and accountings, primary or secondary, must use IP addresses of the
same IP version.
Specifying the RADIUS accounting servers and relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used, if any. When redundancy
is not required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the device
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the device receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the device to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches the
configured limit. In the latter case, the device discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:
To do...
Enter system view
Enter RADIUS scheme view
Specify the primary RADIUS
accounting server
Specify the secondary RADIUS
accounting server
Enable the device to buffer
stop-accounting requests to
which no responses are
received
Set the maximum number of
stop-accounting attempts
Set the maximum number of
real-time accounting attempts
Use the command...
system-view
radius scheme radius-scheme-name
primary accounting { ip-address [ port-number
| key string ] * | ipv6 ipv6-address [ port-
number | key string ] * }
secondary accounting { ip-address [ port-
number | key string ] * | ipv6 ipv6-address [
port-number | key string ] * }
stop-accounting-buffer enable
retry stop-accounting retry-times
retry realtime-accounting retry-times
22
Remarks
—
—
Required
Configure at least one
command.
No accounting server is
specified by default.
Optional
Enabled by default
Optional
500 by default
Optional
5 by default