HP 5120 SI series Command Reference Manual page 71

View
RADIUS scheme view
Default level
2: System level
Parameters
ipv4-address: IPv4 address of the secondary accounting server, in dotted decimal notation. The default
is 0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary accounting server.
port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and
defaults to 1813.
key [ cipher | simple ] key: Specifies a case-sensitive shared key for secure communication with the
secondary RADIUS accounting server.
cipher key: Specifies a ciphertext shared key, which is a string of 1 to 1 17 characters in non-FIPS
•
mode and a string of 8 to 1 17 characters in FIPS mode.
simple key: Specifies a plaintext shared key. In non-FIPS mode, the key is a string of 1 to 64
•
characters. In FIPS mode, the key is a string of 8 to 64 characters that must include uppercase letters,
lowercase letters, numbers, and special characters.
• If neither cipher nor simple is specified, you set a plaintext shared key string.
Description
Use the secondary accounting command to specify secondary RADIUS accounting servers for a RADIUS
scheme.
Use the undo secondary accounting command to remove the configuration.
By default, no secondary RADIUS accounting server is specified.
To configure multiple secondary RADIUS accounting servers, execute this command repeatedly. After the
configuration, if the primary server fails, the device looks for a secondary server in active state (a
secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate
with it.
A RADIUS scheme supports up to 16 secondary RADIUS accounting servers.
All accounting servers, primary or secondary, must use IP addresses of the same IP version.
The IP addresses of the primary and secondary accounting servers must be different from each other.
Otherwise, the configuration fails.
The RADIUS service port configured on the device and that of the RADIUS server must be consistent.
The shared keys configured on the device for accounting packets and that configured on the RADIUS
server must be consistent.
The shared key configured by this command takes precedence over that configured by the key
accounting [ cipher | simple ] key command.
The IP addresses of the accounting servers and those of the authentication/authorization servers must be
of the same IP version.
If you remove a secondary accounting server when the device is already sending a start-accounting
request to the server, the communication with the secondary server will time out, and then the device will
60