HP FlexNetwork 10500 Series Security Configuration Manual page 39


Step 3. Specify RADIUS authentication servers.

Command:
Specify the primary RADIUS authentication server:
primary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *
Specify a secondary RADIUS authentication server:
secondary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | test-profile profile-name | vpn-instance vpn-instance-name | weight weight-value ] *

Remarks:
By default, no authentication server is specified.
To support server status detection, specify an existing test profile for the RADIUS authentication server. If the test profile does not exist, the device cannot detect the server status.
Two authentication servers in a scheme, primary or secondary, cannot have the same combination of hostname, IP address, port number, and VPN.
The weight keyword takes effect only when the RADIUS server load sharing feature is enabled for the RADIUS scheme.

Specifying the RADIUS accounting servers and the relevant parameters

You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS scheme. Secondary servers provide AAA services when the primary server becomes unavailable. The device searches for an active server in the order the secondary servers are configured.

If redundancy is not required, specify only the primary server. A RADIUS accounting server can act as the primary accounting server for one scheme and a secondary accounting server for another scheme at the same time.

When RADIUS server load sharing is enabled, the device distributes the workload over all servers without considering the primary and secondary server roles. The device checks the weight value and number of currently served users for each active server, and then determines the most appropriate server in performance to receive an accounting request.

The device sends a stop-accounting request to the accounting server in the following situations:
• The device receives a connection teardown request from a host.
• The device receives a connection teardown command from an administrator.
• When the maximum number of realtime accounting attempts is reached, the device disconnects users who have no accounting responses.

RADIUS does not support accounting for FTP, SFTP, and SCP users.

To specify RADIUS accounting servers and the relevant parameters for a RADIUS scheme:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enter RADIUS scheme view.
Command: radius scheme radius-scheme-name
Remarks: N/A
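
The three remarks on the authentication server commands (duplicate host/port/VPN combinations, missing test profile, weight without load sharing) can be checked offline against a saved scheme before it is applied. The Python below is an added example, not code from the manual or from HP; the default port of 1812, the `load_sharing_enabled` parameter, the function names, and the sample scheme (`rs1`, `tp1`, addresses, key strings) are assumptions constructed for illustration.

```python
DEFAULT_AUTH_PORT = 1812  # assumption: standard RADIUS authentication port
OPTS = {"test-profile": "test_profile", "vpn-instance": "vpn", "weight": "weight"}

def parse_auth_server(line):
    """Parse a 'primary|secondary authentication ...' line; None for other lines."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("primary", "secondary") or tok[1] != "authentication":
        return None
    i = 3 if tok[2] == "ipv6" else 2          # 'ipv6 ipv6-address' form
    if i >= len(tok):
        return None
    srv = dict(host=tok[i].lower(), port=DEFAULT_AUTH_PORT, vpn=None, test_profile=None, weight=None)
    i += 1
    while i < len(tok):
        if tok[i].isdigit():                   # bare port-number
            srv["port"] = int(tok[i])
            i += 1
        elif tok[i] == "key":                  # key { cipher | simple } string
            i += 3
        elif tok[i] in OPTS and i + 1 < len(tok):
            srv[OPTS[tok[i]]] = tok[i + 1]
            i += 2
        else:
            i += 1                             # unrecognized token, skip it
    return srv

def lint_scheme(config_text, load_sharing_enabled=False):
    """Return (line_no, code, message) findings for the authentication server lines."""
    findings, seen = [], {}
    for n, line in enumerate(config_text.splitlines(), 1):
        srv = parse_auth_server(line)
        if srv is None:
            continue
        ident = (srv["host"], srv["port"], srv["vpn"])
        if ident in seen:
            findings.append((n, "duplicate", f"same host/port/VPN as line {seen[ident]}"))
        seen.setdefault(ident, n)
        if srv["test_profile"] is None:
            findings.append((n, "no-test-profile", "server status cannot be detected"))
        if srv["weight"] is not None and not load_sharing_enabled:
            findings.append((n, "weight-ignored", "weight needs server load sharing enabled"))
    return findings

# Constructed sample scheme; names, addresses and key strings are placeholders.
SAMPLE = """radius scheme rs1
 primary authentication 192.0.2.10 1812 key cipher EXAMPLE test-profile tp1
 secondary authentication 192.0.2.11 key cipher EXAMPLE weight 40
 secondary authentication 192.0.2.10 test-profile tp1
"""
```

Call `lint_scheme(SAMPLE)` to get the findings; pass `load_sharing_enabled=True` when RADIUS server load sharing is enabled for the scheme being checked.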
