HPE FlexNetwork 10500 Series Security Configuration Manual page 51
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
number of currently served users for each active server, and then determines the most appropriate
server in performance to receive an AAA request.
In RADIUS server load sharing, once the device sends a start-accounting request to a server for a
user, it forwards all subsequent accounting requests of the user to the same server. If the accounting
server is unreachable, the device returns an accounting failure message rather than searching for
another active accounting server.
To set the status of RADIUS servers:
Step
1.
Enter system view.
2.
Enter RADIUS scheme
view.
3.
Set the RADIUS server
status.
Enabling the RADIUS server load sharing feature
By default, the device communicates with RADIUS servers based on the server roles. It first attempts
to communicate with the primary server, and, if the primary server is unavailable, it then searches for
the secondary servers in the order they are configured. The first secondary server in active state is
used for communication. In this process, the workload is always placed on the active server.
Use the RADIUS server load sharing feature to dynamically distribute the workload over multiple
servers regardless of their server roles. The device forwards an AAA request to the most appropriate
server of all active servers in the scheme after it compares the weight values and numbers of
currently served users. Specify a weight value for each RADIUS server based on the AAA capacity of
the server. A larger weight value indicates a higher AAA capacity.
In RADIUS server load sharing, once the device sends a start-accounting request to a server for a
user, it forwards all subsequent accounting requests of the user to the same server. If the accounting
server is unreachable, the device returns an accounting failure message rather than searching for
another active accounting server.
To enable the RADIUS server load sharing feature:
Step
1.
Enter system view.
Command
system-view
radius scheme radius-scheme-name
•
Set the status of the primary
RADIUS authentication server:
state primary authentication
{ active | block }
•
Set the status of the primary
RADIUS accounting server:
state primary accounting { active
| block }
•
Set the status of a secondary
RADIUS authentication server:
state secondary authentication
[ { host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
vpn-instance vpn-instance-name ]
* ] { active | block }
•
Set the status of a secondary
RADIUS accounting server:
state secondary accounting
[ { host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
vpn-instance vpn-instance-name ]
* ] { active | block }
Command
system-view
34
Remarks
N/A
N/A
By default, a RADIUS server
is in active state.
The configured server status
cannot be saved to any
configuration file, and can
only be viewed by using the
display radius scheme
command. After the device
restarts, all servers are
restored to the active state.
Remarks
N/A
Advertisement
Table of Contents
Troubleshooting
