HPE FlexNetwork 7500 Series Security Configuration Manual page 44

Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and a maximum of 16 secondary accounting servers
for a RADIUS scheme. Secondary servers provide AAA services when the primary server becomes
unavailable. The device searches for an active server in the order the secondary servers are
configured.
If redundancy is not required, specify only the primary server. A RADIUS accounting server can
function as the primary accounting server for one scheme and a secondary accounting server for
another scheme at the same time.
When RADIUS server load sharing is enabled, the device distributes the workload over all servers
without considering the primary and secondary server roles. The device checks the weight value and
the number of currently served users for each active server, and then selects the most suitable
server, in terms of performance, to receive the accounting request.
If you specify a maximum number of realtime accounting attempts, the device will disconnect users
from whom no accounting responses are received within the permitted attempts.
The device sends RADIUS stop-accounting requests when it receives connection teardown requests
from hosts or connection teardown commands from an administrator. However, the device might fail
to receive a response for a stop-accounting request in a single transmission. Enable the device to
buffer RADIUS stop-accounting requests that have not received responses from the accounting
server. The device will resend the requests until responses are received.
To limit the number of transmissions, set a maximum number of transmission attempts that can be
made for individual RADIUS stop-accounting requests. When the maximum number of attempts has
been made for a request, the device discards the buffered request.
RADIUS does not support accounting for FTP, SFTP, and SCP users.
To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter RADIUS scheme view.
  Command: radius scheme radius-scheme-name
  Remarks: N/A

Step 3. Specify RADIUS accounting servers.
  Command:
    Specify the primary RADIUS accounting server:
      primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | vpn-instance vpn-instance-name | weight weight-value ] *
    Specify a secondary RADIUS accounting server:
      secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | vpn-instance vpn-instance-name | weight weight-value ] *
  Remarks:
    By default, no accounting servers are specified.
    Two accounting servers in a scheme, primary or secondary, cannot have the same combination of IP address, port number, and VPN instance.
    The weight keyword takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme.

Step 4. (Optional.) Set the maximum
  Command: retry realtime-accounting retries
  Remarks: The default setting is 5.

Continuation of a command entry that begins before this page:
  Command: ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *
  Remarks: The weight keyword takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme.
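
The remarks above (unique IP address, port number, and VPN instance per server; weight only effective with load sharing; at most 16 secondary servers) can be checked offline against a saved scheme. The following Python audit is an added example, not HPE code: the sample scheme is constructed, and treating an omitted port as 1813 and `key simple` as the plaintext key form are assumptions not stated on this page.

```python
import re
from collections import Counter

MAX_SECONDARY = 16         # limit stated in the manual text
DEFAULT_ACCT_PORT = 1813   # assumption: port used when the command gives none

# Constructed sample scheme (not from a real device).
SAMPLE_SCHEME = """\
radius scheme rs1
 primary accounting 10.0.0.1 1813 key simple Example-Secret weight 40
 secondary accounting 10.0.0.2 weight 60
 secondary accounting 10.0.0.1 vpn-instance mgmt
 secondary accounting 10.0.0.2 1813
 retry realtime-accounting 5
"""

LINE = re.compile(r"^\s*(primary|secondary) accounting\s+(?:ipv6\s+)?(\S+)(.*)$")

def parse_servers(text):
    """Parse primary/secondary accounting lines into dicts, options in any order."""
    servers = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tok = m.group(3).split() + ["", ""]   # sentinels so tok[i + 1] always exists
        s = {"role": m.group(1), "addr": m.group(2), "port": DEFAULT_ACCT_PORT,
             "vpn": None, "weight": None, "plain_key": False}
        i = 0
        while i < len(tok) - 2:
            if tok[i] == "key":               # key { cipher | simple } string
                s["plain_key"], i = tok[i + 1] == "simple", i + 3
            elif tok[i] == "vpn-instance":
                s["vpn"], i = tok[i + 1], i + 2
            elif tok[i] == "weight":
                s["weight"], i = tok[i + 1], i + 2
            else:                             # a bare number is the port
                s["port"] = int(tok[i]) if tok[i].isdigit() else s["port"]
                i += 1
        servers.append(s)
    return servers

def audit(text, load_sharing=False):
    """Return findings for the constraints the remarks column describes."""
    servers, findings = parse_servers(text), []
    if sum(s["role"] == "secondary" for s in servers) > MAX_SECONDARY:
        findings.append("more than 16 secondary accounting servers")
    seen = Counter((s["addr"], s["port"], s["vpn"]) for s in servers)
    findings += [f"duplicate server {a}:{p} vpn={v}" for (a, p, v), n in seen.items() if n > 1]
    for s in servers:
        if s["weight"] is not None and not load_sharing:
            findings.append(f"weight on {s['addr']} ignored: load sharing is off")
        if s["plain_key"]:
            findings.append(f"plaintext key form used for {s['addr']}")
    return findings
```

In the sample, the fourth line collides with the second only because the omitted port is resolved to the assumed default, while the third line is distinct because its VPN instance differs.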
