HP 5500 HI Series Configuration Manual page 42
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
To specify a source IP address for a specific RADIUS scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Specify a source IP address
for outgoing RADIUS packets.
Specifying a backup source IP address for outgoing RADIUS packets
In a stateful failover scenario, the active switch authenticates portal users by interacting with the RADIUS
server, and synchronizes its online portal user information to the standby switch through the backup link
established between them. The standby switch only receives and processes synchronization messages
from the active switch. However, when the active switch fails, the RADIUS server does not send RADIUS
packets to the standby switch because it does not know the IP address of the standby switch. To solve this
problem, configure the source IP address for outgoing RADIUS packets on each switch as the backup
source IP address for outgoing RADIUS packets on the other switch. With such configuration, the active
switch sends the source IP address for outgoing RADIUS packets that is configured on the standby switch
to the RADIUS server, so that the RADIUS server can send unsolicited RADIUS packets to the standby
switch.
You can specify a backup IP address for outgoing RADIUS packets in RADIUS scheme view for a specific
RADIUS scheme, or in system view for all RADIUS schemes whose servers are in the same VPN. Before
sending a RADIUS packet, a NAS selects a backup source IP address in the following order:
Backup source IP address specified for the RADIUS scheme.
•
Backup source IP address specified in system view for the VPN.
•
If no backup source IP address is specified in the views, the NAS sends no backup source IP address to
the server.
To specify a backup source IP address for all RADIUS schemes:
Step
1.
Enter system view.
2.
Specify a backup source IP
address for outgoing RADIUS
packets.
To specify a backup source IP address for a RADIUS scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Specify a backup source IP
address for outgoing RADIUS
packets.
Command
system-view
radius scheme
radius-scheme-name
nas-ip { ip-address | ipv6
ipv6-address }
Command
system-view
radius nas-backup-ip ip-address
[ vpn-instance vpn-instance-name ]
Command
system-view
radius scheme
radius-scheme-name
nas-backup-ip ip-address
29
Remarks
N/A
N/A
By default, the IP address of the
outbound interface is used as the
source IP address.
Remarks
N/A
Not specified by default.
Remarks
N/A
N/A
Not specified by default.
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
