F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

211

212

213

214

215

216

217

218

219

220

207

428BRADIUS scheme configuration task list

Task Remarks

723H

Creating a RADIUS scheme Required.

724H

Specifying the RADIUS authentication/authorization servers Required.

725H

Specifying the RADIUS accounting servers and the relevant parameters Optional.

726H

Specifying the shared keys for secure RADIUS communication Optional.

727H

Specifying a VPN for the RADIUS scheme Optional.

728H

Setting the username format and traffic statistics units Optional.

729H

Setting the supported RADIUS server type Optional.

730H

Setting the maximum number of RADIUS request transmission attempts Optional.

731H

Setting the status of RADIUS servers Optional.

732H

Specifying the source IP address for outgoing RADIUS packets Optional

733H

Setting RADIUS timers Optional.

734H

Configuring RADIUS accounting-on Optional.

735H

Configuring the IP address of the security policy server Optional.

736H

Configuring interpretation of the RADIUS class attribute as CAR parameters Optional.

737H

Enabling the trap function for RADIUS Optional.

738H

Enabling the RADIUS client service Optional.

739H

Displaying and maintaining RADIUS Optional.

429BCreating a RADIUS scheme

Before you perform other RADIUS configurations, first create a RADIUS scheme and enter RADIUS

scheme view. A RADIUS scheme can be referenced by multiple ISP domains at the same time.

To create a RADIUS scheme and enter RADIUS scheme view:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a RADIUS scheme and

enter RADIUS scheme view.

radius scheme

radius-scheme-name

By default, no RADIUS scheme is

created.

430BSpecifying the RADIUS authentication/authorization servers

In RADIUS, user authorization information is piggybacked in authentication responses sent to RADIUS

clients. It is neither allowed nor needed to specify a separate RADIUS authorization server.

You can specify one primary authentication/authorization server and up to 16 secondary

authentication/authorization servers for a RADIUS scheme. When the primary server is not available, a

secondary server is used. If no redundancy is needed, specify only the primary server.

A RADIUS authentication/authorization server can function as the primary authentication/authorization

server for one scheme and a secondary authentication/authorization server for another scheme at the

same time.