HP MSR2000 Configuration Manual page 36

Setting the status of RADIUS servers
To control the RADIUS servers with which the device communicates when the current servers are no
longer available, set the status of RADIUS servers to blocked or active. You can specify one primary
RADIUS server and multiple secondary RADIUS servers, with the secondary servers functioning as the
backup of the primary servers. Typically, the device chooses servers based on these rules:
• When the primary server is in active state, the device communicates with the primary server.
If the primary server fails, the device changes the server's status to blocked, starts a quiet timer for
the server, and tries to communicate with a secondary server in active state (a secondary server
configured earlier has a higher priority).
If the secondary server is unreachable, the device changes the server's status to blocked, starts a
quiet timer for the server, and continues to check the next secondary server in active state. This
search process continues until the device finds an available secondary server or has checked all
secondary servers in active state.
If the quiet timer of a server expires or an authentication or accounting response is received from
the server, the status of the server automatically changes back to active, but the device does not
check the server again during the authentication or accounting process.
If no server is found reachable during one search process, the device considers the authentication
or accounting attempt a failure.
• If you remove an authentication or accounting server in use, the communication of the device with
the server soon times out, and the device looks for a server in active state by first checking the
primary server, and then checking secondary servers in the order they are configured.
When the primary server and secondary servers are all in blocked state, the device does not
•
communicate with any server.
If one server is in active state and all the others are in blocked state, the device only tries to
•
communicate with the server in active state, even if the server is unavailable.
After receiving an authentication/accounting response from a server, the device changes the status
•
of the server identified by the source IP address of the response to active if the current status of the
server is blocked.
By default, the device sets the status of all RADIUS servers to active. However, in some situations, you
must change the status of a server. For example, if a server fails, you can change the status of the server
to blocked to avoid communication attempts to the server.
To set the status of RADIUS servers:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
Command
system-view
radius scheme radius-scheme-name
25
Remarks
N/A
N/A