Using Multiple Radius Server Groups; Commands - HP 3500yl Series Access Security Manual

HP Switch
(config)# radius-server host 10.33.18.151 acct-port 1750 key
HP Switch
(config)# write mem
HP Switch
(config)# show radius
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 5
Retransmit Attempts : 3
Global Encryption Key :
Dynamic Authorization UDP Port : 3799
Server IP Addr
--------------- ---- ---- --- ------ -------------------------------- -----
10.33.18.151
Figure 6-8. Example of RADIUS Server Group Command Output

Using Multiple RADIUS Server Groups

The authentication and accounting features on the switch can use up to fifteen
RADIUS servers. This option allows the RADIUS servers to be put into groups.
Up to 5 groups of 3 RADIUS servers each can be configured. The authentica-
tion and accounting features can choose which RADIUS server group to
communicate with. End-user authentication methods (802.1X, MAC-based
and web-based) can authenticate with different RADIUS servers from the
management interface authentication methods (console, telnet, ssh, web).

Commands

Several commands are used to support the RADIUS server group option. The
RADIUS server must be configured before it can be added to a group. See
"Configuring the Switch for RADIUS Authentication" on page 6-7 for more
information about configuring RADIUS servers.
source0151
Auth Acct DM/ Time
Port Port CoA Window Encryption Key
1812 1750 No 10
Syntax: [no] radius-server host < ip-address >
Adds a server to the RADIUS configuration or (with no) deletes
a server from the configuration. You can configure up to
fifteen RADIUS server addresses. The switch uses the first
server it successfully accesses.
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
Because the radius-server command includes an
acct-port keyword with a non-default UDP port
number of 1750, the switch assigns this value as the
UDP accounting port.
source0151
OOBM
No
6-23