HP 6600 Security Configuration Manual page 46


| Step | Command | Remarks |
|---|---|---|
| 3. Set the maximum number of RADIUS request transmission attempts. | retry retry-times | Optional. The default setting is 3. |

Setting the status of RADIUS servers

By setting the status of RADIUS servers to blocked or active, you can control the AAA servers with which the device communicates when the current servers are no longer available. In practice, you can specify one primary RADIUS server and multiple secondary RADIUS servers, with the secondary servers acting as backups for the primary server. Typically, the device chooses servers based on these rules:

• When the primary server is in active state, the device communicates with the primary server.
• If the primary server fails, the device changes the server's status to blocked, starts a quiet timer for the server, and tries to communicate with a secondary server in active state (a secondary server configured earlier has a higher priority).
• If the secondary server is unreachable, the device changes the server's status to blocked, starts a quiet timer for the server, and continues to check the next secondary server in active state. This search process continues until the device finds an available secondary server or has checked all secondary servers in active state.
• If the quiet timer of a server expires or an authentication or accounting response is received from the server, the status of the server changes back to active automatically, but the device does not check the server again during the authentication or accounting process.
• If no server is found reachable during one search process, the device considers the authentication or accounting attempt a failure.
• Once the accounting process of a user starts, the device keeps sending the user's real-time accounting requests and stop-accounting requests to the same accounting server.
• If you remove the accounting server, real-time accounting requests and stop-accounting requests for the user are no longer delivered to the server.
• If you remove an authentication or accounting server in use, the communication of the device with the server will soon time out, and the device will look for a server in active state by checking the primary server first and then the secondary servers in the order they are configured.
• When the primary server and secondary servers are all in blocked state, the device communicates with the primary server. If the primary server is available, its status changes to active. Otherwise, its status remains blocked.
• If one server is in active state and all the others are in blocked state, the device only tries to communicate with the server in active state, even if the server is unavailable.
• After receiving an authentication/accounting response from a server, the device changes the status of the server identified by the source IP address of the response to active if the current status of the server is blocked.

The device does not change the status of an unreachable authentication or accounting server if the server quiet timer is set to 0. Instead, the device keeps the server status as active and sends authentication or accounting packets to another server in active state, so subsequent authentication or accounting packets can still be sent to that server. For more information about the server quiet timer, see "Setting RADIUS timers."
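
The selection rules above can be traced with a small model. This Python code is an added example, not part of the manual or HP's implementation; the names Server, select_server and demo, the reachable set, and the abstract time unit are assumptions, and it assumes an unreachable server is blocked even when it is the only one in active state.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    state: str = "active"      # "active" or "blocked"
    unblock_at: float = 0.0    # time at which the quiet timer expires

def select_server(servers, reachable, now, quiet):
    """Model one authentication or accounting attempt.

    servers   -- primary first, then secondaries in configuration order
    reachable -- names of servers that currently answer (constructed input)
    now/quiet -- current time and server quiet timer, same arbitrary unit
    Returns the name of the server that answered, or None on failure.
    """
    # Expired quiet timers return servers to active before the search;
    # a server is not checked again within the same attempt.
    for s in servers:
        if s.state == "blocked" and now >= s.unblock_at:
            s.state = "active"
    # All servers blocked: only the primary is tried.
    if all(s.state == "blocked" for s in servers):
        primary = servers[0]
        if primary.name in reachable:
            primary.state = "active"   # a response reactivates it
            return primary.name
        return None                    # primary remains blocked
    for s in servers:
        if s.state != "active":
            continue                   # blocked servers are skipped
        if s.name in reachable:
            return s.name
        # Assumption: this also applies when s is the only active server.
        if quiet > 0:                  # quiet timer 0: status stays active
            s.state, s.unblock_at = "blocked", now + quiet
    return None                        # whole search failed

def demo():
    """Constructed scenario: primary fails, recovers, quiet timer expires."""
    servers = [Server("primary"), Server("sec1"), Server("sec2")]
    used = [
        select_server(servers, {"sec2"}, now=0, quiet=5),
        select_server(servers, {"primary", "sec2"}, now=1, quiet=5),
        select_server(servers, {"primary", "sec2"}, now=5, quiet=5),
    ]
    return used, [s.state for s in servers]
```

In the demo the recovered primary is not used at time 1 because its quiet timer is still running; it carries traffic again only once the timer expires at time 5.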


This manual is also suitable for:

Hsr6600
