Configuring Radius Schemes - HP FlexNetwork 10500 Series Security Configuration Manual

Configuring RADIUS schemes

A RADIUS scheme specifies the RADIUS servers that the device can work with and defines a set of
parameters. The device uses the parameters to exchange information with the RADIUS servers,
including the server IP addresses, UDP port numbers, shared keys, and server types.
Configuration task list
Tasks at a glance
(Optional.) Configuring a test profile for RADIUS server status detection
(Required.)
(Required.)
(Optional.) Specifying the RADIUS accounting servers and the relevant parameters
(Optional.) Specifying the shared keys for secure RADIUS communication
(Optional.) Specifying a VPN for the scheme
(Optional.) Setting the username format and traffic statistics units
(Optional.) Setting the maximum number of RADIUS request transmission attempts
(Optional.) Setting the status of RADIUS servers
(Optional.) Enabling the RADIUS server load sharing feature
(Optional.) Specifying the source IP address for outgoing RADIUS packets
(Optional.) Setting RADIUS timers
(Optional.) Configuring the accounting-on feature
(Optional.) Configuring the IP addresses of the security policy servers
(Optional.) Configuring the Login-Service attribute check method for SSH, FTP, and terminal users
(Optional.) Enabling SNMP notifications for RADIUS
(Optional.) Displaying and maintaining RADIUS
Configuring a test profile for RADIUS server status detection
Use a test profile to detect whether a RADIUS authentication server is reachable at a detection
interval. To detect the RADIUS server status, you must configure the RADIUS server to use this test
profile in a RADIUS scheme.
With the test profile specified, the device sends a detection packet to the RADIUS server within each
detection interval. The detection packet is a simulated authentication request that includes the
specified user name in the test profile.
•
If the device receives a response from the server within the interval, it sets the server to the
active state.
•
If the device does not receive any response from the server within the interval, it sets the server
to the blocked state.
The device refreshes the RADIUS server status at each detection interval according to the detection
result.
The device stops detecting the status of the RADIUS server when one of the following operations is
performed:
•
The RADIUS server is removed from the RADIUS scheme.
•
The test profile configuration is removed for the RADIUS server in RADIUS scheme view.
•
The test profile is deleted.
Creating a RADIUS scheme
Specifying the RADIUS authentication servers
23