HP A5830 Series Configuration Manual page 31

Security switch
Hide thumbs Also See for A5830 Series:
Table of Contents

Advertisement

To do...
6.
Enable buffering of stop-
accounting requests to
which no responses are
received.
7.
Set the maximum number
of stop-accounting
attempts.
The IP addresses of the primary and secondary accounting servers must be different from each other.
Otherwise, the configuration fails.
All servers for authentication/authorization and accountings, primary or secondary, must use IP
addresses of the same IP version.
If you delete an accounting server that is serving users, the switch can no longer send real-time
accounting requests and stop-accounting requests for the users to that server or buffer the stop-
accounting requests.
You can specify a RADIUS accounting server as the primary accounting server for one scheme and as
the secondary accounting server for another scheme at the same time.
RADIUS does not support accounting for FTP users.
Setting the shared keys for RADIUS packets
The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between
them and use shared keys to authenticate the packets. They must use the same shared key for the same
type of packets.
A shared key configured in this task is for all servers of the same type (accounting or authentication) in
the scheme, and it has a lower priority than a shared key configured individually for a RADIUS server.
To set the shared keys for authenticating RADIUS packets:
To do...
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Set the shared key for
authenticating RADIUS
authentication/authorization
or accounting packets.
A shared key configured on the switch must be the same as that configured on the RADIUS server.
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain to which the user belongs. The switch uses it to determine which users belong to which ISP
domains. However, some earlier RADIUS servers cannot recognize usernames that contain an ISP
domain name. In this case, the switch must remove the domain name of each username before sending
the username. You can set the username format on the switch for this purpose.
The switch periodically sends accounting updates to RADIUS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the switch are consistent with those on the RADIUS server.
Use the command...
stop-accounting-buffer enable
retry stop-accounting retry-times
Use the command...
system-view
radius scheme radius-scheme-
name
key { accounting | authentication
} key
23
Remarks
Optional.
Enabled by default.
Optional.
500 by default.
Remarks
Required
No shared key by default

Advertisement

Table of Contents
loading

Table of Contents