HP 3600 v2 Series Security Configuration Manual page 39
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
To do...
Enter RADIUS scheme view
Specify a source IP address for
outgoing RADIUS packets
Specifying a backup source IP address for outgoing RADIUS packets
In a stateful failover scenario, the active switch authenticates portal users by interacting with the RADIUS
server, and synchronizes its online portal user information to the standby switch through the backup link
established between them. The standby switch only receives and processes synchronization messages
from the active switch. However, when the active switch fails, the RADIUS server does not send RADIUS
packets to the standby switch because it does not know the IP address of the standby switch. To solve this
problem, configure the source IP address for outgoing RADIUS packets on each switch as the backup
source IP address for outgoing RADIUS packets on the other switch. With such configuration, the active
switch will send the source IP address for outgoing RADIUS packets that is configured on the standby
switch to the RADIUS server, so that the RADIUS server can send unsolicited RADIUS packets to the
standby switch.
You can specify a backup IP address for outgoing RADIUS packets in RADIUS scheme view for a specific
RADIUS scheme, or in system view for all RADIUS schemes whose servers are in a VPN or the public
network. Before sending a RADIUS packet, a NAS selects a backup source IP address in this order:
The backup source IP address specified for the RADIUS scheme.
1.
The backup source IP address specified in system view for the VPN or public network, depending
2.
on where the RADIUS server resides.
If no backup source IP address is specified in the views, the NAS sends no backup source IP address to
the server.
Follow these steps to specify a backup source IP address for all RADIUS schemes of a VPN or the public
network:
To do...
Enter system view
Specify a backup source IP
address for outgoing RADIUS
packets
Follow these steps to specify a backup source IP address for a RADIUS scheme:
To do...
Enter system view
Enter RADIUS scheme view
Specify a backup source IP
address for outgoing RADIUS
packets
Use the command...
radius scheme
radius-scheme-name
nas-ip { ip-address | ipv6
ipv6-address }
Use the command...
system-view
radius nas-backup-ip ip-address
[ vpn-instance vpn-instance-name ]
Use the command...
system-view
radius scheme
radius-scheme-name
nas-backup-ip ip-address
28
Remarks
—
Required
By default, the IP address of the outbound
interface is used as the source IP address.
Remarks
—
Required
Not specified by default.
Remarks
—
—
Required
Not specified by default.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
