HP 6600 Security Configuration Manual page 43

Step
3. Specify RADIUS accounting
servers.
4. Set the maximum number of
real-time accounting attempts.
5. Enable buffering of
stop-accounting requests to
which no responses are
received.
6. Set the maximum number of
stop-accounting attempts.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm and a shared key pair for packet
authentication and password encryption in a certain type of communication.
A shared key configured in RADIUS scheme view applies to all servers of the specified type (accounting
or authentication) in that scheme, and has a lower priority than those configured for individual RADIUS
servers.
To specify a shared key for secure RADIUS communication:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
Command
•
Specify the primary RADIUS
accounting server:
primary accounting
{ ip-address | ipv6
ipv6-address } [ port-number |
key [ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
•
Specify a secondary RADIUS
accounting server:
secondary accounting
{ ip-address | ipv6
ipv6-address } [ port-number |
key [ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
retry realtime-accounting
retry-times
stop-accounting-buffer enable
retry stop-accounting retry-times
Command
system-view
radius scheme
radius-scheme-name
29
Remarks
Configure at least one command.
No accounting server is specified
by default.
In FIPS mode, the shared key must
be a string of at least 8 characters
that contain numbers, uppercase
letters, lowercase letters, and
special characters, and is
encrypted and decrypted by using
3DES.
The IP addresses of the primary
and secondary accounting servers
must be different from each other.
Otherwise, the configuration fails.
All servers for
authentication/authorization and
accounting, primary or secondary,
must use IP addresses of the same
IP version.
Optional.
The default setting is 5.
Optional.
Enabled by default.
Optional.
The default setting is 500.
Remarks
N/A
N/A