HPE FlexFabric 7900 Series Security Configuration Manual page 27
Hide thumbs
Also See for FlexFabric 7900 Series:
- Layer 3 ip routing command reference (414 pages) ,
- Security configuration manual (323 pages) ,
- Security command reference (320 pages)
Table of Contents
Advertisement
Configuration task list
Tasks at a glance
(Required.)
(Required.)
(Optional.)
Specifying the RADIUS accounting servers and the relevant parameters
(Optional.)
Specifying the shared keys for secure RADIUS communication
(Optional.)
Specifying a VPN for the scheme
(Optional.)
Setting the username format and traffic statistics units
(Optional.)
Setting the maximum number of RADIUS request transmission attempts
(Optional.)
Setting the status of RADIUS servers
(Optional.)
Specifying the source IP address for outgoing RADIUS packets
(Optional.)
Setting RADIUS timers
(Optional.)
Configuring the accounting-on feature
(Optional.)
Configuring the IP addresses of the security policy servers
(Optional.)
Configuring the Login-Service attribute check method for SSH, FTP, and terminal users
(Optional.)
Enabling SNMP notifications for RADIUS
(Optional.)
Displaying and maintaining RADIUS
Creating a RADIUS scheme
Create a RADIUS scheme before performing any other RADIUS configurations. You can configure a
maximum of 16 RADIUS schemes. A RADIUS scheme can be used by multiple ISP domains.
To create a RADIUS scheme:
Step
1.
Enter system view.
2.
Create a RADIUS scheme
and enter RADIUS scheme
view.
Specifying the RADIUS authentication servers
A RADIUS authentication server completes authentication and authorization together, because
authorization information is piggybacked in authentication responses sent to RADIUS clients.
You can specify one primary authentication server and a maximum of 16 secondary authentication
servers for a RADIUS scheme. When the primary server is not available, the device searches for the
secondary servers in the order they are configured. The first secondary server in active state is used
for communication.
If redundancy is not required, specify only the primary server. A RADIUS authentication server can
act as the primary authentication server for one scheme and a secondary authentication server for
another scheme at the same time.
To specify RADIUS authentication servers for a RADIUS scheme:
Step
1.
Enter system view.
Creating a RADIUS scheme
Specifying the RADIUS authentication servers
Command
system-view
Command
system-view
radius scheme
radius-scheme-name
19
Remarks
N/A
By default, no RADIUS scheme is
defined.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
