Access Security Guide K/KA/KB.15.15

Configuring the switch global RADIUS parameters
Configure the switch for the following global RADIUS parameters:
Number of login attempts
In a given session, this specifies how many tries at entering the correct username and password
pair are allowed before access is denied and the session terminated. This is a general aaa
authentication parameter and is not specific to RADIUS.
Global server key
The server key the switch uses for contacts with all RADIUS servers for which there is not a
server-specific key configured by radius-server host < ip-address > key < key-string >.
This key is optional if you configure a server-specific key for each RADIUS server entered
in the switch. See “Configuring the switch to access a RADIUS server” (page 147).
Server timeout
Defines the time period in seconds for authentication attempts. If the timeout period expires
before a response is received, the attempt fails.
Server dead time
Specifies the time in minutes during which the switch avoids requesting authentication from a
server that has not responded to previous requests.
Retransmit attempts
If the first attempt to contact a RADIUS server fails, this specifies how many retries the
switch is allowed to attempt on that server.
Change of Authorization port
The dyn-autz-port parameter specifies the UDP port on which the switch listens for Change of
Authorization and Disconnect messages. The UDP port range is 1024-49151. The default
port is 3799.
Syntax:
aaa authentication num-attempts < 1 - 10 >
Specifies how many tries for entering the correct username and password are
allowed before shutting down the session due to input errors.
Default: 3; Range: 1 - 10.
[no] radius-server
key < global-key-string >
Specifies the global encryption key the switch uses with servers for which the switch
does not have a server-specific key assignment. This key is optional if all RADIUS
server addresses configured in the switch include a server-specific encryption key.
Default: Null.
[encrypted-key <global-key-string>]
Global encryption key, specified using a base64-encoded AES-256 encrypted
string.
dead-time < 1 - 1440 >
Optional. Specifies the time in minutes during which the switch will not attempt to
use a RADIUS server that has not responded to an earlier authentication attempt.
Default: 0; Range: 1 - 1440 minutes
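Added example (not part of the guide or of the switch software): a small Python check that reads a saved configuration listing and reports values outside the ranges given above, plus any RADIUS server left with neither a server-specific key nor a global key. The function name audit_radius_config, the sample listings, and the "radius-server dyn-autz-port <port>" line form are assumptions made for illustration.

```python
import re

# Ranges as stated in this section; the dyn-autz-port line form is an assumption.
RANGES = {
    "aaa authentication num-attempts": (1, 10),
    "radius-server dead-time": (1, 1440),
    "radius-server dyn-autz-port": (1024, 49151),
}
HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$")
GLOBAL_KEY_RE = re.compile(r"^radius-server (key|encrypted-key) \S+")

def audit_radius_config(config_text):
    """Return findings for the global RADIUS settings in a config listing."""
    findings, hosts, has_global_key = [], {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        for prefix, (low, high) in RANGES.items():
            if line.startswith(prefix + " "):
                value = line[len(prefix):].strip()
                if not value.isdigit() or not low <= int(value) <= high:
                    findings.append(f"{prefix}: '{value}' outside {low}-{high}")
        has_global_key = has_global_key or bool(GLOBAL_KEY_RE.match(line))
        m = HOST_RE.match(line)
        if m:
            has_key = bool(re.search(r"\bkey \S+", m.group(2)))
            hosts[m.group(1)] = hosts.get(m.group(1), False) or has_key  # host may span lines
    if not has_global_key:
        # Without a global key, every server needs its own server-specific key.
        for ip in (h for h, keyed in hosts.items() if not keyed):
            findings.append(f"host {ip}: no server-specific key and no global key")
    return findings

# Constructed sample listings (not taken from a real switch).
GOOD = """\
aaa authentication num-attempts 3
radius-server host 10.0.0.10 key "example-key-1"
radius-server host 10.0.0.11
radius-server key "example-global-key"
radius-server dead-time 5
"""
BAD = """\
aaa authentication num-attempts 25
radius-server host 10.0.0.10 key "example-key-1"
radius-server host 10.0.0.11
radius-server dyn-autz-port 80
"""

if __name__ == "__main__":
    print(audit_radius_config(GOOD), *audit_radius_config(BAD), sep="\n")
```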
150 RADIUS Authentication, Authorization, and Accounting