Access Security Guide K/KA/KB.15.15

Configuring RADIUS accounting
NOTE: This procedure assumes:
  • RADIUS authentication is configured on the switch for one or more access methods.
  • One or more RADIUS servers are configured to support the switch.
If you have not already done so, see “RADIUS Authentication, Authorization, and Accounting”
(page 141).
1. Configure the switch for accessing a RADIUS server.
   You can configure up to three RADIUS servers (one primary, two backup). The switch operates
   on the assumption that a server can operate in both accounting and authentication mode. See
   the documentation for your RADIUS server application for additional information.
   Use the same radius-server host command that you would use to configure RADIUS
   authentication. See “Configuring a switch to access a RADIUS server” (page 158).
   Provide the following:
   • A RADIUS server IP address.
   • Optional: a UDP destination port for authentication requests. Otherwise the switch
     assigns the default UDP port (1812; recommended).
   • Optional: if you are also configuring the switch for RADIUS authentication and need
     a unique encryption key for use during authentication sessions with the RADIUS server
     you are designating, configure a server-specific key. This key overrides the global
     encryption key you can also configure on the switch, and must match the encryption
     key used on the specified RADIUS server. For more information, see the
     key <key-string> parameter in “Configuring a switch to access a RADIUS server”
     (page 158). Default: null
2. (Optional) Reconfigure the desired Acct-Session-ID operation.
   • Unique (the default setting): Establishes a different Acct-Session-ID value for each
     service type, and increments this ID for each CLI command for the Command service
     type. See “Unique Acct-Session-ID operation” (page 187).
   • Common: Establishes the same Acct-Session-ID value for all service types, including
     successive CLI commands in the same management session.
3. Configure accounting types and the controls for sending reports to the RADIUS server.
   • Accounting types:
     – exec
     – network
     – system
     – commands
   • Trigger for sending accounting reports to a RADIUS server: at session start and stop,
     or only at session stop.
4. (Optional) Configure session blocking and interim updating options.
   • Updating: Periodically update the accounting data for sessions in progress.
   • Suppress accounting: Block the accounting session for any unknown user with no username
     trying to access the switch.
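
An added example, not taken from the guide: a Python check that reads a saved running-config and reports what it sets for each of the four steps above. The `aaa accounting ...` command forms and the sample configuration (address, key) are assumptions constructed for illustration; confirm the exact syntax against the CLI reference for your software release.

```python
import re

# Constructed sample running-config; address and key are placeholders.
SAMPLE_CONFIG = """
radius-server host 192.0.2.10 key "EXAMPLE-KEY"
aaa accounting session-id common
aaa accounting exec start-stop radius
aaa accounting system stop-only radius
aaa accounting commands stop-only radius
aaa accounting update periodic 10
"""

ACCT_TYPES = ("exec", "network", "system", "commands")
# Assumed command forms (not quoted in the guide text above).
TYPE_RE = re.compile(
    r"aaa accounting (exec|network|system|commands) "
    r"(start-stop|stop-only|interim-update) radius\b")
SESSION_RE = re.compile(r"aaa accounting session-id (unique|common)$")
UPDATE_RE = re.compile(r"aaa accounting update periodic (\d+)$")
HOST_RE = re.compile(r"radius-server host (\S+)")


def audit_accounting(config):
    """Report what a config sets for each step of the procedure."""
    report = {"servers": [], "session_id": "unique",  # guide's default
              "triggers": {}, "update_period": None,
              "suppress_null_username": False}
    for line in (ln.strip() for ln in config.splitlines()):
        if m := HOST_RE.match(line):
            report["servers"].append(m.group(1))
        elif m := TYPE_RE.match(line):
            report["triggers"][m.group(1)] = m.group(2)
        elif m := SESSION_RE.match(line):
            report["session_id"] = m.group(1)
        elif m := UPDATE_RE.match(line):
            report["update_period"] = int(m.group(1))
        elif line == "aaa accounting suppress null-username":
            report["suppress_null_username"] = True
    notes = []
    if not 1 <= len(report["servers"]) <= 3:
        notes.append("expected one to three RADIUS servers")
    notes += [f"no accounting for '{t}'" for t in ACCT_TYPES
              if t not in report["triggers"]]
    if not report["suppress_null_username"]:
        notes.append("sessions with no username are not suppressed")
    report["notes"] = notes
    return report


if __name__ == "__main__":
    for key, value in audit_accounting(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Running it on the constructed sample flags the missing `network` accounting type and the absent null-username suppression; both are optional in the procedure, so treat the notes as items to review rather than errors.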