F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
To specify RADIUS accounting servers and set relevant parameters for a scheme:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter RADIUS scheme view.
  Command: radius scheme radius-scheme-name
  Remarks: N/A

Step 3. Specify RADIUS accounting servers.
  Command:
  • Specify the primary RADIUS accounting server:
    primary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
  • Specify a secondary RADIUS accounting server:
    secondary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
  Remarks:
  Configure at least one command.
  No accounting server is specified by default.
  The IP addresses of the primary and secondary accounting servers must be different from each other. Otherwise, the configuration fails.
  All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.
  Support for the ipv6 ipv6-address option depends on the device model. For more information, see Access Control Command Reference.
  In FIPS mode, you cannot set a plaintext key, and the key must contain at least 8 characters comprising uppercase and lowercase letters, digits, and special characters.

Step 4. Set the maximum number of real-time accounting attempts.
  Command: retry realtime-accounting retry-times
  Remarks: Optional. The default setting is 5.

Step 5. Enable buffering of stop-accounting requests to which no responses are received.
  Command: stop-accounting-buffer enable
  Remarks: Optional. Enabled by default.

Step 6. Set the maximum number of stop-accounting attempts.
  Command: retry stop-accounting retry-times
  Remarks: Optional. The default setting is 500.

Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm and a shared key pair for packet
authentication and password encryption in a certain type of communication.
A shared key configured in RADIUS scheme view applies to all servers of the specified type (accounting
or authentication) in that scheme, and has a lower priority than those configured for individual RADIUS
servers.
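
The following added example (not part of this guide or of the device software) shows how the shared key and MD5 authenticate accounting packets, following the Accounting-Request and Accounting-Response authenticator rules of RFC 2866. The function names, the key, and the attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE = 4, 5  # RADIUS codes (RFC 2866)


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_accounting_request(identifier: int, attrs: bytes, secret: bytes) -> bytes:
    """Client side: authenticator = MD5(header + 16 zero octets + attrs + key)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the digest with the locally configured key."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def build_accounting_response(request: bytes, secret: bytes) -> bytes:
    """Server reply without attributes: MD5(header + request authenticator + key)."""
    header = struct.pack("!BBH", ACCOUNTING_RESPONSE, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def verify_accounting_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: the reply must match the request's identifier and the key."""
    if len(response) < 20 or response[0] != ACCOUNTING_RESPONSE or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


# Constructed sample values (not from the guide).
SAMPLE_ATTRS = (_attr(40, struct.pack("!I", 1))   # Acct-Status-Type = Start
                + _attr(44, b"sess-0001")          # Acct-Session-Id
                + _attr(1, b"alice"))              # User-Name
SAMPLE_REQUEST = build_accounting_request(7, SAMPLE_ATTRS, b"Scheme-Key#2024")
```

A request built with one key fails verification under any other key, which is why the key configured on the device must match the key configured on the accounting server.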
To specify a shared key for secure RADIUS communication:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A