KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

141

142

143

144

145

146

147

148

149

150

3. Configure the global RADIUS parameters.

• Server key

This key must match the encryption key used on the RADIUS servers the switch contacts

for authentication and accounting services unless you configure one or more per-server

keys.

Default: null.

• Timeout period

The timeout period the switch waits for a RADIUS server to reply.

Default: 5 seconds; range: 1 to 15 seconds.

• Retransmit attempts

The number of retries when there is no server response to a RADIUS authentication request.

Default: 3; range of 1 to 5.

• Server dead-time

The period during which the switch will not send new authentication requests to a RADIUS

server that has failed to respond to a previous request. This avoids a wait for a request

to time out on a server that is unavailable. If you want to use this feature, select a dead-time

period of 1 to 1440 minutes. (Default: 0disabled; range: 1 - 1440 minutes.) If your

first-choice server was initially unavailable, but then becomes available before the

dead-time expires, you can nullify the dead-time by resetting it to zero and then trying to

log on again. As an alternative, you can reboot the switch, (thus resetting the dead-time

counter to assume the server is available) and then try to log on again.

• Number of Login Attempts

This is actually an aaa authentication command. It controls how many times per session

a RADIUS client (and clients using other forms of access) can try to log in with the correct

username and password.

Default: Three times per session.

For RADIUS accounting features, see “Accounting services” (page 185).

Configuring authentication for access methods RADIUS is to protect

Configure the switch for RADIUS authentication through the following access methods:

• Console: Either direct serial-port connection or modem connection.

• Telnet: Inbound Telnet must be enabled (the default).

• SSH: To use RADIUS for SSH access, first configure the switch for SSH operation.

• WebAgent: You can enable RADIUS authentication for WebAgent access to the switch.

You can configure RADIUS as the primary password authentication method for the above access

methods. You also need to select either local, none, or authorized as a secondary, or backup,

method. Note that for console access, if you configure radius (or tacacs) for primary authentication,

you must configure local for the secondary method. This prevents the possibility of being completely

locked out of the switch in the event that all primary access methods fail.

Syntax:

aaa authentication < console | telnet | ssh | web | < enable

| < login | radius>>

web-based | mac-based | <chap-radius | peap-radius>>

Configures RADIUS as the primary password authentication method for console,

Telnet, SSH, and/or the WebAgent.

144 RADIUS Authentication, Authorization, and Accounting