Changing Radius-Server Access Order - HP ProCurve 2810 Series Access Security Manual

RADIUS Authentication and Accounting

Changing RADIUS-Server Access Order

Figure 5-17. Search Order for Accessing a RADIUS Server
5-30

Changing RADIUS-Server Access Order

The switch tries to access RADIUS servers according to the order in which
their IP addresses are listed by the show radius command. Also, when you add
a new server IP address, it is placed in the highest empty position in the list.
Adding or deleting a RADIUS server IP address leaves an empty position, but
does not change the position of any other server addresses in the list. For
example if you initially configure three server addresses, they are listed in the
order in which you entered them. However, if you subsequently remove the
second server address in the list and add a new server address, the new
address will be placed second in the list.
Thus, to move a server address up in the list, you must delete it from the list,
ensure that the position to which you want to move it is vacant, and then re-
enter it. For example, suppose you have already configured the following three
RADIUS server IP addresses in the switch:
To exchange the positions of the addresses so that the server at 10.10.10.003
will be the first choice and the server at 10.10.10.001 will be the last, you would
do the following:
1. Delete 10.10.10.003 from the list. This opens the third (lowest) position in
the list.
2. Delete 10.10.10.001 from the list. This opens the first (highest) position in
the list.
RADIUS server IP addresses listed in the order
in which the switch will try to access them. In this
case, the server at IP address 10.10.10.1 is first.
Note: If the switch successfully accesses the
first server, it does not try to access any other
servers in the list, even if the client is denied
access by the first server.