HP 3600 v2 Series Security Configuration Manual page 34
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
To do...
Specify the secondary RADIUS
accounting server
Set the maximum number of
real-time accounting attempts
Enable buffering of
stop-accounting requests to
which no responses are
received
Set the maximum number of
stop-accounting attempts
NOTE:
The IP addresses of the primary and secondary accounting servers must be different from each other.
•
Otherwise, the configuration fails.
All servers for authentication/authorization and accountings, primary or secondary, must use IP
•
addresses of the same IP version.
If you delete an accounting server that is serving users, the switch can no longer send real-time
•
accounting requests and stop-accounting requests for the users to that server, or buffer the
stop-accounting requests.
•
You can specify a RADIUS accounting server as the primary accounting server for one scheme and as
the secondary accounting server for another scheme at the same time.
RADIUS does not support accounting for FTP users.
•
Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm to authenticate packets exchanged
between them and use shared keys for packet authentication and user passwords encryption. They must
use the same key for the same type of communication.
A shared key configured in this task is for all servers of the same type (accounting or authentication) in
the scheme, and has a lower priority than a shared key configured individually for a RADIUS server.
Follow these steps to specify a shared key for secure RADIUS communication:
To do...
Enter system view
Enter RADIUS scheme view
Specify a shared key for secure
RADIUS
authentication/authorization or
accounting communication
NOTE:
A shared key configured on the switch must be the same as that configured on the RADIUS server.
Use the command...
secondary accounting { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher |
simple ] key | vpn-instance vpn-instance-name ]
*
retry realtime-accounting retry-times
stop-accounting-buffer enable
retry stop-accounting retry-times
Use the command...
system-view
radius scheme
radius-scheme-name
key { accounting | authentication }
key
23
Remarks
No accounting server is
specified by default.
Optional
5 by default
Optional
Enabled by default
Optional
500 by default
Remarks
—
—
Required
No shared key by default
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
