HPE FlexNetwork 10500 Series Security Configuration Manual page 54

Configuring the RADIUS accounting-on feature

When the accounting-on feature is enabled, the device automatically sends an accounting-on packet
to the RADIUS server after the entire device reboots. Upon receiving the accounting-on packet, the
RADIUS server logs out all online users so they can log in again through the device. Without this
feature, users cannot log in again after the reboot, because the RADIUS server considers them to
be already online.

You can configure the interval for which the device waits to resend the accounting-on packet and the
maximum number of retries.

The extended accounting-on feature enhances the accounting-on feature in a distributed
architecture. For the extended accounting-on feature to take effect, the RADIUS server must run on
IMC and the accounting-on feature must be enabled.

The extended accounting-on feature is applicable to LAN users. The user data is saved to the
service modules through which the users access the device. When the extended accounting-on
feature is enabled, the device automatically sends an accounting-on packet to the RADIUS server
after a module reboots. The packet contains the module identifier. Upon receiving the accounting-on
packet, the RADIUS server logs out all online users who access the device through the service
module.
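
The server-side handling of the accounting-on packet described above, as an added example that is not part of the HPE manual or of any HPE or IMC code: it builds a minimal Accounting-Request with Acct-Status-Type 7 (Accounting-On, RFC 2866) and has the server verify the Request Authenticator before logging out that NAS's users, so a forged packet cannot disconnect anyone. The function names, the session map and the shared secret are assumptions for illustration, and the module identifier used by extended accounting-on is not modelled.

```python
import hashlib, hmac, struct

ACCT_REQUEST, ACCT_STATUS_TYPE, NAS_IDENTIFIER = 4, 40, 32  # RFC 2865/2866 numbers
ACCOUNTING_ON = 7  # Acct-Status-Type value a NAS sends after it reboots

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def acct_authenticator(code, ident, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_accounting_on(ident, nas_id, secret):
    attrs = attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCOUNTING_ON)) + attr(NAS_IDENTIFIER, nas_id)
    auth = acct_authenticator(ACCT_REQUEST, ident, attrs, secret)
    return struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def parse_attrs(data):
    out, i = {}, 0
    while i < len(data):
        alen = data[i + 1] if i + 1 < len(data) else 0
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute")
        out[data[i]] = data[i + 2:i + alen]
        i += alen
    return out

def handle_accounting(packet, secret, sessions):
    """Log out and return the users of the rebooted NAS; sessions maps user -> NAS id."""
    if len(packet) < 20:
        return []
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet):
        return []
    if not hmac.compare_digest(acct_authenticator(code, ident, packet[20:], secret), packet[4:20]):
        return []  # forged packet or wrong shared secret: keep every session
    attrs = parse_attrs(packet[20:])
    if attrs.get(ACCT_STATUS_TYPE) != struct.pack("!I", ACCOUNTING_ON):
        return []
    nas = attrs.get(NAS_IDENTIFIER)
    dropped = sorted(user for user, n in sessions.items() if n == nas)
    for user in dropped:
        del sessions[user]
    return dropped

if __name__ == "__main__":  # constructed sample values, not from the manual
    live = {"alice": b"sw-10500", "bob": b"other-nas"}
    print(handle_accounting(build_accounting_on(1, b"sw-10500", b"secret"), b"secret", live))
```
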
To configure the accounting-on feature for a RADIUS scheme:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter RADIUS scheme view.
   Command: radius scheme radius-scheme-name
   Remarks: N/A
3. Enable accounting-on.
   Command: accounting-on enable [ interval interval | send send-times ] *
   Remarks: By default, the accounting-on feature is disabled.
4. (Optional.) Enable extended accounting-on.
   Command: accounting-on extended
   Remarks: By default, extended accounting-on is disabled.

Interpreting the RADIUS class attribute as CAR parameters

A RADIUS server may deliver CAR parameters for user-based traffic monitoring and control by using
the RADIUS class attribute (attribute 25) in RADIUS packets. You can configure the device to
interpret the class attribute as CAR parameters.

To configure the device to interpret the RADIUS class attribute as CAR parameters:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter RADIUS scheme view.
   Command: radius scheme radius-scheme-name
   Remarks: N/A
3. Interpret the RADIUS class attribute as CAR parameters.
   Command: attribute 25 car
   Remarks: By default, the RADIUS class attribute is not interpreted as CAR parameters.

Configuring the Login-Service attribute check method for SSH, FTP, and terminal users

The device supports the following check methods for the Login-Service attribute (RADIUS attribute
15) of SSH, FTP, and terminal users:
• Strict—Matches Login-Service attribute values 50, 51, and 52 for SSH, FTP, and terminal
  services, respectively.
• Loose—Matches the standard Login-Service attribute value 0 for SSH, FTP, and terminal
  services.
