HP 6600 Security Configuration Manual page 42

Step 3. Specify RADIUS authentication/authorization servers.

Command:
  Specify the primary RADIUS authentication/authorization server:
    primary authentication { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *
  Specify a secondary RADIUS authentication/authorization server:
    secondary authentication { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *

Remarks:
  Configure at least one command.
  By default, no authentication/authorization server is specified.
  In FIPS mode, the shared key must be a string of at least 8 characters that contain numbers, uppercase letters, lowercase letters, and special characters, and is encrypted and decrypted by using 3DES.
  The IP addresses of the primary and secondary authentication/authorization servers for a scheme must be different. Otherwise, the configuration will fail.
  All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.

Specifying the RADIUS accounting servers and the relevant parameters

You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS scheme. When the primary server is not available, a secondary server is used. When redundancy is not required, specify only the primary server. A RADIUS accounting server can function as the primary accounting server for one scheme and a secondary accounting server for another scheme at the same time.

When the device receives a connection teardown request from a host or a connection teardown command from an administrator, it sends a stop-accounting request to the accounting server. When the maximum number of real-time accounting attempts is reached, the device disconnects users who have no accounting responses. You can enable buffering of non-responded stop-accounting requests to allow the device to buffer and resend a stop-accounting request until it receives a response. If the number of stop-accounting attempts reaches the upper limit, the device discards the buffered request.

If you delete an accounting server that is serving users, the device no longer sends real-time accounting requests or stop-accounting requests for the users to that server, or buffers the stop-accounting requests.

RADIUS does not support accounting for FTP users.

To specify RADIUS accounting servers and set relevant parameters for a scheme:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter RADIUS scheme view.
  Command: radius scheme radius-scheme-name
  Remarks: N/A
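
A pre-deployment check for the constraints this page states: distinct primary and secondary authentication/authorization addresses, one IP version per scheme, at most 16 secondary accounting servers, and the FIPS-mode shared-key rule. This is an added example, not part of the HP manual; the dict layout, function names, and sample addresses and keys are hypothetical, and "special characters" is assumed to mean ASCII punctuation.

```python
import ipaddress
import string

MAX_SECONDARY_ACCT = 16  # "up to 16 secondary accounting servers" per scheme

def fips_key_problems(key):
    """List the FIPS-mode shared-key rules from the Remarks text that key breaks."""
    required = {
        "number": string.digits,
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        # Assumption: "special characters" means ASCII punctuation.
        "special character": string.punctuation,
    }
    problems = ["shorter than 8 characters"] if len(key) < 8 else []
    problems += [f"no {name}" for name, chars in required.items()
                 if not any(c in chars for c in key)]
    return problems

def scheme_problems(scheme, fips=False):
    """Check a planned scheme (hypothetical dict layout) before it is typed in."""
    problems = []
    primary = ipaddress.ip_address(scheme["primary_auth"]["ip"])
    secondaries = scheme.get("secondary_auth", [])
    # Primary and secondary authentication/authorization addresses must differ.
    for srv in secondaries:
        if ipaddress.ip_address(srv["ip"]) == primary:
            problems.append(f"secondary auth {srv['ip']} duplicates the primary")
    acct = scheme.get("secondary_acct", [])
    if len(acct) > MAX_SECONDARY_ACCT:
        problems.append(f"{len(acct)} secondary accounting servers (max {MAX_SECONDARY_ACCT})")
    servers = [s for s in (scheme["primary_auth"], scheme.get("primary_acct"),
                           *secondaries, *acct) if s]
    # Every server in the scheme must use the same IP version.
    if len({ipaddress.ip_address(s["ip"]).version for s in servers}) > 1:
        problems.append("servers mix IPv4 and IPv6 addresses")
    if fips:
        for srv in servers:
            for p in fips_key_problems(srv.get("key", "")):
                problems.append(f"key for {srv['ip']}: {p}")
    return problems

# Constructed sample plan; addresses and keys are made up for the example.
SAMPLE = {
    "primary_auth": {"ip": "10.1.1.1", "key": "Rad1us!Key"},
    "secondary_auth": [{"ip": "10.1.1.1", "key": "radius"}],
    "primary_acct": {"ip": "2001:db8::10", "key": "Acct9#Pass"},
}

print("\n".join(scheme_problems(SAMPLE, fips=True)))
```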

This manual is also suitable for:

Hsr6600
