HP 5920 Series Configuration Manual page 34
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
If the quiet timer of a server expires or an authentication or accounting response is received from
the server, the status of the server changes back to active automatically, but the device does not
check the server again during the authentication or accounting process.
If no server is found reachable during one search process, the device considers the authentication
or accounting attempt a failure.
If you remove an authentication or accounting server in use, the communication of the device with
•
the server soon times out, and the device looks for a server in active state by first checking the
primary server and then secondary servers in the order they are configured.
When the primary server and secondary servers are all in blocked state, the device does not
•
communicate with any server.
•
If one server is in active state and all the others are in blocked state, the device only tries to
communicate with the server in active state, even if the server is unavailable.
After receiving an authentication/accounting response from a server, the device changes the status
•
of the server identified by the source IP address of the response to active if the current status of the
server is blocked.
By default, the device sets the status of all RADIUS servers to active. In some cases, however, you must
change the status of a server. For example, if a server fails, you can change the status of the server to
blocked to avoid communication attempts to the server.
To set the status of RADIUS servers:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Set the RADIUS server status.
Specifying the source IP address for outgoing RADIUS packets
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS
configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving a
Command
system-view
radius scheme radius-scheme-name
•
Set the status of the primary RADIUS
authentication server:
state primary authentication { active |
block }
•
Set the status of the primary RADIUS
accounting server:
state primary accounting { active |
block }
•
Set the status of a secondary RADIUS
authentication server:
state secondary authentication
[ ip-address [ port-number |
vpn-instance vpn-instance-name ] * ]
{ active | block }
•
Set the status of a secondary RADIUS
accounting server:
state secondary accounting
[ ip-address [ port-number |
vpn-instance vpn-instance-name ] * ]
{ active | block }
26
Remarks
N/A
N/A
Configure at least one
command.
By default, every server
specified in a RADIUS scheme
is in active state.
The configured server status
cannot be saved to any
configuration file, and can
only be viewed by using the
display radius scheme
command. After the device
restarts, all servers are
restored to the active state.
Advertisement
Table of Contents
Troubleshooting
