HPE FlexNetwork 10500 Series Security Configuration Manual page 48
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
Step
3.
Specify RADIUS accounting
servers.
4.
(Optional.) Set the maximum
number of real-time
accounting attempts.
5.
(Optional.) Enable buffering
of RADIUS stop-accounting
requests to which no
responses have been
received.
6.
(Optional.) Set the maximum
number of transmission
attempts for individual
RADIUS stop-accounting
requests.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and server use the MD5 algorithm and shared keys to generate the Authenticator
value for packet authentication and user password encryption. The client and server must use the
same key for each type of communication.
A key configured in this task is for all servers of the same type (accounting or authentication) in the
scheme. The key has a lower priority than a key configured individually for a RADIUS server.
To specify a shared key for secure RADIUS communication:
Step
1.
Enter system view.
2.
Enter RADIUS scheme
view.
3.
Specify a shared key for
secure RADIUS
communication.
Specifying an MPLS L3VPN instance for the scheme
The VPN instance specified for a RADIUS scheme applies to all authentication and accounting
servers in that scheme. If a VPN instance is also configured for an individual RADIUS server, the
VPN instance specified for the RADIUS scheme does not take effect on that server.
Command
•
Specify the primary RADIUS
accounting server:
primary accounting { host-name
| ipv4-address | ipv6
ipv6-address } [ port-number | key
{ cipher | simple } string |
vpn-instance vpn-instance-name
| weight weight-value ] *
•
Specify a secondary RADIUS
accounting server:
secondary accounting
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number | key
{ cipher | simple } string |
vpn-instance vpn-instance-name
| weight weight-value ] *
retry realtime-accounting retries
stop-accounting-buffer enable
retry stop-accounting retries
Command
system-view
radius scheme
radius-scheme-name
key { accounting |
authentication } { cipher | simple }
string
31
Remarks
By default, no accounting
servers are specified.
Two accounting servers in a
scheme, primary or
secondary, cannot have the
same combination of host
name, IP address, port
number, and VPN instance.
The weight keyword takes
effect only when the RADIUS
server load sharing feature is
enabled for the RADIUS
scheme.
The default setting is 5.
By default, the buffering
feature is enabled.
The default setting is 500.
Remarks
N/A
N/A
By default, no shared key is
specified for secure RADIUS
communication.
The shared key configured on the
device must be the same as the
shared key configured on the
RADIUS server.
Advertisement
Table of Contents
Troubleshooting
