Security-Policy-Server - HPE FlexNetwork HSR6800 Security Command Reference

For 802.1X authentication, if the status of every server is block, the device assigns the port
connected to an authentication user to the specified 802.1X critical VLAN. For more information
about the 802.1X critical VLAN, see Security Configuration Guide.
To make sure the device can set the server to its actual status, set a longer quiet timer for the
secondary server with the timer quiet command. If you set a short quiet timer and configure 802.1X
critical VLAN on a port, the device might frequently change the server status, and the port might
frequently join and leave the critical VLAN.
Examples
# Specify two secondary authentication/authorization servers for RADIUS scheme radius1, with the
server IP addresses of 10.110.1.1 and 10.110.1.2 and the UDP port number of 1813. Set the shared
keys to hello in plain text.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary authentication 10.110.1.1 1812 key simple hello
[Sysname-radius-radius1] secondary authentication 10.110.1.2 1812 key simple hello
# For RADIUS scheme radius2, set the IP address of the secondary authentication/authorization
server to 10.110.1.2, the UDP port to 1812, and the shared key to
$c$3$NMCbVjyIutaV6csCOGp4zsKRTlg2eT3B in cipher text.
<Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary authentication 10.110.1.2 1812 key cipher $c$3$NMCbVjyIutaV6csCOGp4zsKRTlg2eT3B
# In RADIUS scheme radius1, set the username used for status detection of the secondary
authentication/authorization server to test, and set the server status detection interval to 120
minutes.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary authentication 10.110.1.1 probe username test interval 120
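The following Python check is an added example, not part of the HPE manual. It scans RADIUS scheme command lines in the syntax shown above (for instance in a provisioning template) and flags shared keys entered with key simple, short keys, and authentication servers on a port other than UDP 1812. The sample configuration is constructed, and the 16-character minimum key length is an assumed local policy value.

```python
import re

# Constructed sample in the command syntax shown above (not from a real device).
SAMPLE_CONFIG = """\
radius scheme radius1
 secondary authentication 10.110.1.1 1812 key simple hello
 secondary authentication 10.110.1.2 1813 key simple hello
radius scheme radius2
 secondary authentication 10.110.1.2 1812 key cipher $c$3$NMCbVjyIutaV6csCOGp4zsKRTlg2eT3B
"""

SERVER_RE = re.compile(
    r"^(primary|secondary)\s+authentication\s+(\S+)"  # role and server address
    r"(?:\s+(\d+))?"                                   # optional UDP port
    r"(?:.*?\bkey\s+(simple|cipher)\s+(\S+))?"         # optional inline shared key
)
MIN_KEY_LEN = 16  # assumed local policy value, not taken from the manual


def audit_radius_config(text):
    """Return (scheme, server, finding) tuples for risky server lines."""
    findings, scheme = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("radius scheme "):
            scheme = line.split()[2]
            continue
        m = SERVER_RE.match(line)
        if not (scheme and m):
            continue
        _role, server, port, key_type, key = m.groups()
        if port and port != "1812":
            findings.append(
                (scheme, server, f"authentication port {port} is not the standard 1812"))
        if key_type == "simple":
            # Report the weakness only; never echo the key into audit output.
            findings.append((scheme, server, "shared key entered in plain text"))
            if len(key) < MIN_KEY_LEN:
                findings.append(
                    (scheme, server, f"shared key shorter than {MIN_KEY_LEN} characters"))
    return findings


if __name__ == "__main__":
    for scheme, server, finding in audit_radius_config(SAMPLE_CONFIG):
        print(f"{scheme}: {server}: {finding}")
```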
Related commands
key (RADIUS scheme view)
vpn-instance (RADIUS scheme view)

security-policy-server

Use security-policy-server to specify a security policy server for a RADIUS scheme.
Use undo security-policy-server to remove one or all security policy servers for a RADIUS
scheme.
Syntax
security-policy-server ip-address
undo security-policy-server { ip-address | all }
Default
No security policy server is specified for a RADIUS scheme.
Views
RADIUS scheme view