R3303-HP HSR6800 Routers Security Configuration Guide

The ratio of the number of failed transmission attempts to the total number of authentication request
transmission attempts reaches the threshold. This threshold ranges from 1% to 100% and defaults to
30%. This threshold can only be configured through the MIB.
The failure ratio is typically small. If a trap message is triggered because the failure ratio is higher than
the threshold, troubleshoot the configuration of the NAS and the RADIUS server and the communication
between them.
To enable the trap function for RADIUS:

Step                           Command                                  Remarks
1. Enter system view.          system-view                              N/A
2. Enable the trap function    radius trap { accounting-server-down |   Disabled by default.
   for RADIUS.                 authentication-error-threshold |
                               authentication-server-down }

Enabling the RADIUS client service
To receive and send RADIUS packets, enable the RADIUS client service on the device. If RADIUS is not
required, disable the RADIUS client service to avoid attacks that exploit RADIUS packets.
To enable the RADIUS client service:

Step                           Command                                  Remarks
1. Enter system view.          system-view                              N/A
2. Enable the RADIUS client    radius client enable                     Optional.
   service.                                                             Enabled by default.

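
The following audit is an added example, not part of the HP guide: it checks a saved configuration text against the two defaults described above (RADIUS traps disabled, RADIUS client service enabled). It assumes the saved configuration lists only non-default commands, that the service is disabled with a line beginning "undo radius client", and that schemes appear as "radius scheme <name>"; the function name and sample text are constructed.

```python
import re

# Trap keywords exactly as listed in the "radius trap" command on this page.
TRAP_TYPES = ("accounting-server-down", "authentication-error-threshold",
              "authentication-server-down")

def audit_radius(config_text):
    """Report trap and client-service findings for a saved configuration.

    Assumptions (not from the guide): only non-default commands are listed,
    the service is disabled by a line starting "undo radius client", and
    schemes are created with "radius scheme <name>".
    """
    traps = set()                  # page: traps are disabled by default
    client_enabled = True          # page: client service is enabled by default
    schemes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"radius trap (\S+)", line)
        if m and m.group(1) in TRAP_TYPES:
            traps.add(m.group(1))
        elif re.fullmatch(r"undo radius client( enable)?", line):
            client_enabled = False
        elif line == "radius client enable":
            client_enabled = True
        elif (m := re.fullmatch(r"radius scheme (\S+)", line)):
            schemes.append(m.group(1))

    findings = []
    if schemes:
        # RADIUS is in use: the service must run and every trap should be on.
        if not client_enabled:
            findings.append("schemes configured but RADIUS client service is disabled")
        for trap in TRAP_TYPES:
            if trap not in traps:
                findings.append(f"trap not enabled: {trap}")
    elif client_enabled:
        # RADIUS is not required: the page advises disabling the service.
        findings.append("no RADIUS scheme in use; RADIUS client service still enabled")
    return {"traps": sorted(traps), "client_enabled": client_enabled,
            "schemes": schemes, "findings": findings}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
radius scheme corp-aaa
radius trap authentication-server-down
radius trap authentication-error-threshold
"""
```
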
Displaying and maintaining RADIUS

Task                                    Command                                             Remarks

Display the configuration of RADIUS     display radius scheme [ radius-scheme-name ]        Available in any view.
schemes (in standalone mode).           [ slot slot-number ] [ | { begin | exclude |
                                        include } regular-expression ]

Display the configuration of RADIUS     display radius scheme [ radius-scheme-name ]        Available in any view.
schemes (in IRF mode).                  [ chassis chassis-number slot slot-number ] [ |
                                        { begin | exclude | include }
                                        regular-expression ]

Display the RADIUS packet statistics    display radius statistics [ slot slot-number ]      Available in any view.
(in standalone mode).                   [ | { begin | exclude | include }
                                        regular-expression ]

Display the RADIUS packet statistics    display radius statistics                           Available in any view.
(in IRF mode).                          [ chassis chassis-number slot slot-number ]
                                        [ | { begin | exclude | include }
                                        regular-expression ]

Display information about buffered      display stop-accounting-buffer                      Available in any view.
stop-accounting requests for which no   { radius-scheme radius-scheme-name |
responses have been received (in        session-id session-id |
standalone mode).                       time-range start-time stop-time |
                                        user-name user-name } [ slot slot-number ]
                                        [ | { begin | exclude | include }
                                        regular-expression ]