HP 6600 Security Configuration Manual page 415
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Table 35 Configuration items
Item
Server Type
Username Format
Authentication Key
Confirm Authentication Key
Accounting Key
Confirm Accounting Key
Quiet Time
Server Response Timeout Time
Description
Select the type of the RADIUS servers supported by the device, which can be:
•
Standard—Standard RADIUS servers. The RADIUS client and RADIUS
server communicate by using the standard RADIUS protocol and packet
format defined in RFC 2865/2866 or later.
•
Extended—Extended RADIUS servers, usually running on IMC. The
RADIUS client and the RADIUS server communicate by using the
proprietary RADIUS protocol and packet format.
Select the format of usernames to be sent to the RADIUS server, including
Original format, With domain name, and Without domain name.
Typically, a username is in the format of userid@isp-name, of which isp-name
is used by the device to determine the ISP domain for the user. If a RADIUS
server (such as a RADIUS server of some early version) does not accept a
username that contains an ISP domain name, you can configure the device to
remove the domain name of a username before sending it to the RADIUS
server.
Set the shared key for authenticating RADIUS authentication packets and that
for authenticating RADIUS accounting packets.
The RADIUS client and the RADIUS server use MD5 to encrypt RADIUS
packets. They verify packets through the specified shared key. The client and
the server can receive and respond to packets from each other only when
they use the same shared key.
IMPORTANT:
The shared keys configured in the common configuration part are used only
when no corresponding shared keys are configured in the RADIUS server
configuration part.
Set the time to wait before the device restores an unreachable RADIUS server
to active state.
If the primary server is unreachable due to temporary interruption on the
network interface or the busy server, you can set the quiet time to 0 so that
authentication and accounting requests for other users are still sent to the
primary server for processing. When the quiet time is 0, if the server being
used is unreachable, the device keeps the server in the active state, and
sends the request to the next server in the active state. In this way, subsequent
authentication or accounting requests may still be sent to the server.
Set the RADIUS server response timeout time.
If the device sends a RADIUS request to a RADIUS server but receives no
response in the specified server response timeout time, it retransmits the
request. Setting a proper value according to the network conditions helps in
improving the system performance.
401
Advertisement
Table of Contents
Troubleshooting
