HP 12500 Series Configuration Manual page 36

The IP addresses of the primary and secondary authentication/authorization servers for a scheme
•
must be different from each other. Otherwise, the configuration fails.
All servers for authentication/authorization and accounting, primary or secondary, must use IP
•
addresses of the same IP version.
A RADIUS authentication/authorization server can simultaneously serve as the primary server in
•
one scheme and a secondary server in another scheme.
To specify RADIUS authentication/authorization servers for a RADIUS scheme:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
3. Specify RADIUS
authentication/authorization
servers.
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used. When redundancy is not
required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the switch
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the switch receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these guidelines when you specify RADIUS accounting servers:
The IP addresses of the primary and secondary accounting servers must be different from each other.
•
Otherwise, the configuration fails.
• All servers for authentication/authorization and accounting, primary or secondary, must use IP
addresses of the same IP version.
If you delete an accounting server that is serving users, the switch can no longer send real-time
•
accounting requests and stop-accounting requests for the users to that server, or buffer the
stop-accounting requests.
• A RADIUS accounting server can simultaneously serve as the primary server in one scheme and a
secondary server in another scheme.
Command
system-view
radius scheme radius-scheme-name
•
Specify the primary RADIUS
authentication/authorization server:
primary authentication { ip-address
| ipv6 ipv6-address } [ port-number
| key [ cipher | simple ] key |
vpn-instance vpn-instance-name ] *
•
Specify a secondary RADIUS
authentication/authorization server:
secondary authentication
{ ip-address | ipv6 ipv6-address }
[ port-number | key [ cipher |
simple ] key | vpn-instance
vpn-instance-name ] *
26
Remarks
N/A
N/A
Configure at least one
command.
No
authentication/authorization
server is specified by default.