R3303-HP HSR6800 Routers Security Configuration Guide

Task                                 Remarks
Displaying and maintaining RADIUS    Optional.
Creating a RADIUS scheme
Before you perform other RADIUS configurations, first create a RADIUS scheme and enter RADIUS
scheme view. A RADIUS scheme can be referenced by multiple ISP domains at the same time.
To create a RADIUS scheme and enter RADIUS scheme view:
Step                                                      Command                             Remarks
1. Enter system view.                                     system-view                         N/A
2. Create a RADIUS scheme and enter RADIUS scheme view.   radius scheme radius-scheme-name    By default, no RADIUS scheme is created.
Specifying the RADIUS authentication/authorization servers
In RADIUS, user authorization information is piggybacked in authentication responses sent to RADIUS
clients. You cannot, and do not need to, specify a separate RADIUS authorization server.
You can specify one primary authentication/authorization server and up to 16 secondary
authentication/authorization servers for a RADIUS scheme. When the primary server is not available, a
secondary server is used. In a scenario where redundancy is not required, specify only the primary
server.
A RADIUS authentication/authorization server can function as the primary authentication/authorization
server for one scheme and a secondary authentication/authorization server for another scheme at the
same time.
You can enable the server status detection feature. With the feature, the device periodically sends an
authentication request to check whether or not the target RADIUS authentication/authorization server is
reachable. If the server can be reached, the device sets the status of the server to active. If the server
cannot be reached, the device sets the status of the server to block. This feature promptly notifies
authentication modules of the latest server status information. For example, server status detection can work
with the 802.1X critical VLAN feature, so that the device can trigger 802.1X authentication for users in the
critical VLAN immediately on detection of a reachable RADIUS authentication/authorization server.
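The following model of the behaviour described above is an added illustration, not code from the HP guide or from Comware. It shows the active/block status update, fallback from the primary to a secondary server, and the notification that lets a module such as 802.1X critical VLAN react when a server becomes reachable again. The class and function names, the in-order choice among secondaries, and the return to the primary once it is active again are assumptions.

```python
# Illustrative model; names and selection order are assumptions, not Comware internals.
from dataclasses import dataclass, field
from typing import Callable, List, Optional
MAX_SECONDARIES = 16  # limit stated in the guide

@dataclass
class Server:
    address: str
    status: str = "active"  # "active" or "block", the two states named in the guide
@dataclass
class RadiusScheme:
    primary: Server
    secondaries: List[Server] = field(default_factory=list)
    listeners: List[Callable[[Server], None]] = field(default_factory=list)

    def add_secondary(self, server: Server) -> None:
        if len(self.secondaries) >= MAX_SECONDARIES:
            raise ValueError("a scheme allows at most 16 secondary servers")
        self.secondaries.append(server)

    def detect(self, probe: Callable[[str], bool]) -> None:
        """One detection round: probe every server and update its status."""
        for server in [self.primary, *self.secondaries]:
            was_blocked = server.status == "block"
            server.status = "active" if probe(server.address) else "block"
            if was_blocked and server.status == "active":
                for notify in self.listeners:  # block -> active: tell auth modules
                    notify(server)

    def select(self) -> Optional[Server]:
        """Primary if active, else the first active secondary, else None."""
        for server in [self.primary, *self.secondaries]:
            if server.status == "active":
                return server
        return None

def demo() -> list:
    """Constructed scenario using documentation addresses (RFC 5737)."""
    scheme = RadiusScheme(Server("192.0.2.10"))
    scheme.add_secondary(Server("192.0.2.11"))
    events = []
    scheme.listeners.append(lambda s: events.append(("reauth-critical-vlan", s.address)))
    reachable = {"192.0.2.10": False, "192.0.2.11": True}
    scheme.detect(reachable.get)  # primary unreachable, set to block
    events.append(("selected", scheme.select().address))
    reachable["192.0.2.10"] = True
    scheme.detect(reachable.get)  # primary reachable again, listeners notified
    events.append(("selected", scheme.select().address))
    return events
```

If every server is in block state, `select()` returns `None`, which is the condition under which users would remain in the critical VLAN until a later detection round reports a reachable server.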
To specify RADIUS authentication/authorization servers for a RADIUS scheme:
Step                            Command                             Remarks
1. Enter system view.           system-view                         N/A
2. Enter RADIUS scheme view.    radius scheme radius-scheme-name    N/A