HP 3600 v2 Series Security Configuration Manual page 33

To do...
Enter system view
Enter RADIUS scheme view
Specify the primary RADIUS
authentication/authorization
server
Specify the secondary RADIUS
authentication/authorization
server
NOTE:
The IP addresses of the primary and secondary authentication/authorization servers for a scheme must
•
be different from each other. Otherwise, the configuration will fail.
• All servers for authentication/authorization and accountings, primary or secondary, must use IP
addresses of the same IP version.
You can specify a RADIUS authentication/authorization server as the primary
•
authentication/authorization server for one scheme and as the secondary authentication/authorization
server for another scheme at the same time.
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used, if any. When redundancy
is not required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the switch
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the switch receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these steps to specify RADIUS accounting servers and set relevant parameters for a scheme:
To do...
Enter system view
Enter RADIUS scheme view
Specify the primary RADIUS
accounting server
Use the command...
system-view
radius scheme radius-scheme-name
primary authentication { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher |
simple ] key | vpn-instance vpn-instance-name ]
*
secondary authentication { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher |
simple ] key | vpn-instance vpn-instance-name ]
*
Use the command...
system-view
radius scheme radius-scheme-name
primary accounting { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher |
simple ] key | vpn-instance vpn-instance-name ]
*
22
Remarks
—
—
Required
Configure at least one
command.
No
authentication/authorizat
ion server is specified by
default.
Remarks
—
—
Required
Configure at least one
command.