F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

221

222

223

224

225

226

227

228

229

230

217

The failure ratio is typically small. If a trap message is triggered because the failure ratio is higher than

the threshold, troubleshoot the configuration on and the communication between the NAS and the

RADIUS server.

To enable the trap function for RADIUS:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Enable the trap function for

RADIUS.

radius trap { accounting-server-down |

authentication-error-threshold |

authentication-server-down }

Disabled by default.

444BEnabling the RADIUS client service

To receive and send RADIUS packets, enable the RADIUS client service on the device. If RADIUS is not

required, disable the RADIUS client service to avoid attacks that exploit RADIUS packets.

To enable the RADIUS client service:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Enable the RADIUS client

service.

radius client enable

Optional.

Enabled by default.

445BDisplaying and maintaining RADIUS

Task Command

Remarks

Display the configuration of

RADIUS schemes.

display radius scheme [ radius-scheme-name ] [ |

{ begin | exclude | include } regular-expression ]

Available in any view.

Display the RADIUS packet

statistics.

display radius statistics [ | { begin | exclude |

include } regular-expression ]

Available in any view.

Display information about

buffered stop-accounting

requests for which no

responses have been

received.

display stop-accounting-buffer { radius-scheme

radius-scheme-name | session-id session-id |

time-range start-time stop-time | user-name

user-name } [ | { begin | exclude | include }

regular-expression ]

Available in any view.

Clear RADIUS statistics. reset radius statistics Available in user view.

Clear the buffered

stop-accounting requests for

which no responses have

been received.

reset stop-accounting-buffer { radius-scheme

radius-scheme-name | session-id session-id |

time-range start-time stop-time | user-name

user-name }

Available in user view.

231BConfiguring HWTACACS schemes

You cannot remove the HWTACACS schemes in use or change the IP addresses of the HWTACACS

servers in use.