HPE FlexNetwork 5510 HI Series Security Configuration Manual page 38
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Mpls configuration manual (505 pages) ,
- Layer 3 - ip routing configuration manual (486 pages)
Table of Contents
Advertisement
Step
Specifying the RADIUS accounting servers and the relevant parameters
You can specify one primary accounting server and a maximum of 16 secondary accounting servers
for a RADIUS scheme. When the primary server is not available, the device searches for the
secondary servers in the order they are configured. The first secondary server in active state is used
for communication.
If redundancy is not required, specify only the primary server. A RADIUS accounting server can act
as the primary accounting server for one scheme and a secondary accounting server for another
scheme at the same time.
When RADIUS server load sharing is enabled, the device distributes the workload over all servers
without considering the primary and secondary server roles. The device checks the weight value and
number of currently served users for each active server, and then determines the most appropriate
server in performance to receive an accounting request.
The device sends a stop-accounting request to the accounting server in the following situations:
•
The device receives a connection teardown request from a host.
•
The device receives a connection teardown command from an administrator.
When the maximum number of realtime accounting attempts is reached, the device disconnects
users who have no accounting responses.
RADIUS does not support accounting for FTP, SFTP, and SCP users.
To specify a RADIUS server by hostname in an MPLS VPN network, first complete one of the
following tasks on the device:
•
Configure hostname-to-IP address mappings for the VPN by using the ip host or ipv6 host
command.
•
Configure a DNS server for the VPN by using the dns server or ipv6 dns server command.
For more information about these commands, see Layer 3—IP Services Command Reference.
To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Specify RADIUS accounting
servers.
Command
authentication
secondary
authentication
{ host-name | ipv4-address | ipv6
ipv6-address } [ port-number |
key { cipher | simple } string |
test-profile
profile-name
vpn-instance
vpn-instance-name
weight-value ] *
Command
system-view
radius scheme radius-scheme-name
•
Specify
the
accounting
primary accounting { host-name
|
ipv4-address
ipv6-address } [ port-number | key
{ cipher | simple } string |
vpn-instance vpn-instance-name
| weight weight-value] *
•
Specify a secondary RADIUS
accounting
secondary
25
Remarks
server:
feature is enabled for the RADIUS
scheme.
The test-profile profile-name and
weight weight-value options are
available in Release 1121 and
|
later.
|
weight
Remarks
N/A
N/A
By default, no accounting
primary
RADIUS
server is specified.
server:
Two accounting servers in a
|
ipv6
scheme,
secondary, cannot have the
same
hostname, IP address, port
number, and VPN.
The
server:
option takes effect only when
accounting
the RADIUS server load
primary
or
combination
of
weight
weight-value
- Quick Links:
- Radius
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the FlexNetwork 5510 HI Series and is the answer not in the manual?