Access Security Guide K/KA/KB.15.15

For switches that have a separate out-of-band management port, the oobm parameter
specifies that the RADIUS traffic will go through the out-of-band management
(OOBM) port.
[auth-port <port-number>]
Optional. Changes the UDP destination port for authentication requests to the
specified RADIUS server (host). If you do not use this option with the
radius-server host command, the switch automatically assigns the default
authentication port number. The auth-port number must match its server
counterpart.
Default: 1812
[acct-port <port-number>]
Optional. Changes the UDP destination port for accounting requests to the specified
RADIUS server. If you do not use this option with the radius-server host command,
the switch automatically assigns the default accounting port number. The acct-port
number must match its server counterpart.
Default: 1813
[dyn-authorization]
Enables or disables the processing of Disconnect and Change of Authorization
messages from this host. When enabled, the RADIUS server can dynamically
terminate or change the authorization parameters (such as VLAN assignment) used
in an active client session on the switch. The UDP port specified in the
radius-server dyn-autz-port command (defaults to 3799) is the port used
to listen for Change of Authorization messages (CoA) or Disconnect messages (DM).
See “Change-of-Authorization” (page 185).
Default: Disabled
[key <key-string>]
Optional. Specifies an encryption key for use during authentication (or accounting)
sessions with the specified server. This key must match the encryption key used on
the RADIUS server. Use this command only if the specified server requires a different
encryption key than configured for the global encryption key.
NOTE: Formerly, when you saved the configuration file using Xmodem or TFTP,
the RADIUS encryption key information was not saved in the file. This caused RADIUS
authentication to break when the startup configuration file was loaded back onto
the switch. You can now save the configured RADIUS shared secret (encryption)
key to a configuration file by entering the following commands:
include-credentials
write memory
For more information, see
[encrypted-key <key-string>]
Encryption key to use with the RADIUS server, specified using a base64-encoded
AES-256 encrypted string.
[time-window <0-65535>]
148 RADIUS Authentication, Authorization, and Accounting
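The options described above can be checked in a saved configuration before it is loaded onto a switch. The following is an added example, not part of the original guide: a small parser that reads `radius-server host` lines and lists the settings that must agree with the RADIUS server. The function names, the sample configuration, and the assumption that all of a host's options appear on a single line are illustrative.

```python
import shlex

DEFAULT_PORTS = {"auth-port": 1812, "acct-port": 1813}  # defaults stated above
INT_OPTS = {"auth-port", "acct-port", "time-window"}
STR_OPTS = {"key", "encrypted-key"}
FLAG_OPTS = {"oobm", "dyn-authorization"}  # dyn-authorization default: disabled

def parse_host_line(line):
    """Parse one 'radius-server host ...' line; return None for any other line."""
    tok = shlex.split(line)
    if len(tok) < 3 or tok[:2] != ["radius-server", "host"]:
        return None
    host = {"host": tok[2], **DEFAULT_PORTS, **dict.fromkeys(FLAG_OPTS, False)}
    i = 3
    while i < len(tok):
        opt = tok[i]
        if opt in FLAG_OPTS:
            host[opt], i = True, i + 1
        elif opt in INT_OPTS | STR_OPTS and i + 1 < len(tok):
            host[opt] = int(tok[i + 1]) if opt in INT_OPTS else tok[i + 1]
            i += 2
        else:
            raise ValueError(f"unrecognised or incomplete option: {opt!r}")
    return host

def review(config_text):
    """Return (host, note) pairs to verify against the RADIUS server's settings."""
    notes = []
    for line in config_text.splitlines():
        h = parse_host_line(line.strip())
        if h is None:
            continue
        for opt, default in DEFAULT_PORTS.items():
            if h[opt] != default:
                notes.append((h["host"], f"{opt} {h[opt]} differs from default "
                              f"{default}; server must use the same port"))
        if "key" in h:
            notes.append((h["host"], "per-host key set with 'key', not "
                          "'encrypted-key'; must match the server"))
        if h["dyn-authorization"]:
            notes.append((h["host"], "CoA and Disconnect messages from this "
                          "host are processed"))
    return notes

# Constructed sample: documentation addresses and placeholder secrets.
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1645 acct-port 1813 key "EXAMPLE-ONLY"
radius-server host 192.0.2.11 dyn-authorization
radius-server host 192.0.2.12 oobm encrypted-key PLACEHOLDER
hostname "edge-sw-1"
"""
```

Calling `review(SAMPLE)` returns three notes: two for 192.0.2.10 (non-default auth-port, per-host key) and one for 192.0.2.11 (dynamic authorization enabled).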