To do...                       Use the command...                               Remarks

Specify the primary RADIUS     primary authentication { ipv4-address | ipv6     Required
authentication/authorization   ipv6-address } [ port-number | key [ cipher |    Configure at least one command.
server                         simple ] key | probe username name [ interval    No authentication/authorization
                               interval ] ] *                                   server is specified by default.

Specify the secondary RADIUS   secondary authentication { ipv4-address | ipv6   Required
authentication/authorization   ipv6-address } [ port-number | key [ cipher |    Configure at least one command.
server                         simple ] key | probe username name [ interval    No authentication/authorization
                               interval ] ] *                                   server is specified by default.

NOTE:
• If both the primary and secondary authentication/authorization servers are specified, the secondary
  one is used when the primary one is not reachable.
• If redundancy is not required, specify only the primary RADIUS authentication/authorization server.
• In practice, you may specify one RADIUS server as the primary authentication/authorization server, and
  up to 16 RADIUS servers as the secondary authentication/authorization servers, or specify a server as
  the primary authentication/authorization server for a scheme and as a secondary
  authentication/authorization server for another scheme at the same time.
• The IP addresses of the primary and secondary authentication/authorization servers for a scheme must
  be different from each other. Otherwise, the configuration will fail.
• All servers for authentication/authorization and accounting, primary or secondary, must use IP
  addresses of the same IP version.

Specifying the RADIUS accounting servers and relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used, if any. When redundancy
is not required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the device
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the device receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the device to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the device discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:

To do...                       Use the command...                               Remarks

Enter system view              system-view                                      —

Enter RADIUS scheme view       radius scheme radius-scheme-name                 —

Specify the primary RADIUS     primary accounting { ipv4-address | ipv6         Required
accounting server              ipv6-address } [ port-number | key [ cipher |    Configure at least one command.
                               simple ] key ] *                                 No accounting server is specified
                                                                                by default.

Specify the secondary RADIUS   secondary accounting { ipv4-address | ipv6       Required
accounting server              ipv6-address } [ port-number | key [ cipher |    Configure at least one command.
                               simple ] key ] *                                 No accounting server is specified
                                                                                by default.
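
The restrictions in the NOTE above and the "Required" remarks in both tables can be checked against a saved RADIUS scheme configuration before it is applied. The following is an added example, not part of the original manual or of the device software; the function names, the scheme name, and the sample addresses are assumptions made for illustration, and "different from each other" is read here as no address repeated among a scheme's authentication/authorization servers.

```python
import ipaddress

MAX_SECONDARY = 16  # per-scheme limit on secondary servers stated in this section

# Constructed sample input (hypothetical scheme name, documentation-range addresses).
SAMPLE_GOOD = """radius scheme example-scheme
 primary authentication 192.0.2.10 1812
 secondary authentication 192.0.2.11 1812
 primary accounting 192.0.2.10 1813
"""
SAMPLE_BAD = """radius scheme example-scheme
 primary authentication 192.0.2.10 1812
 secondary authentication 192.0.2.10 1812
 primary accounting ipv6 2001:db8::20 1813
"""

def parse_servers(config_text):
    """Return (role, service, address) for each primary/secondary server line."""
    servers = []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] not in ("primary", "secondary"):
            continue
        if tok[1] not in ("authentication", "accounting"):
            continue
        # IPv6 servers are written "ipv6 <address>"; an IPv4 address follows the keyword directly.
        addr = tok[3] if tok[2] == "ipv6" and len(tok) > 3 else tok[2]
        servers.append((tok[0], tok[1], ipaddress.ip_address(addr)))  # ValueError on a bad address
    return servers

def lint_scheme(config_text):
    """Return a list of findings; an empty list means the checks passed."""
    servers = parse_servers(config_text)
    findings = []
    for service in ("authentication", "accounting"):
        group = [s for s in servers if s[1] == service]
        if not group:
            findings.append(f"no {service} server specified")
        if sum(s[0] == "secondary" for s in group) > MAX_SECONDARY:
            findings.append(f"more than {MAX_SECONDARY} secondary {service} servers")
    auth_ips = [s[2] for s in servers if s[1] == "authentication"]
    if len(set(auth_ips)) != len(auth_ips):
        findings.append("authentication servers share an IP address")
    if len({s[2].version for s in servers}) > 1:
        findings.append("servers mix IPv4 and IPv6 addresses")
    return findings

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, lint_scheme(text))
```
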