R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

148

To do… Use the command…

Remarks

Set the maximum number of RADIUS

request retransmission attempts

retry retry-times

Optional

3 by default

NOTE:

• The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server

response timeout period cannot be greater than 75.

• To configure the RADIUS server response timeout period, use the timer response-timeout command.

Setting the supported RADIUS server type

The supported RADIUS server type determines the type of the RADIUS protocol that the LB module uses

to communicate with the RADIUS server. It can be standard or extended:

• Standard—Uses the standard RADIUS protocol, compliant to RFC 2865 and RFC 2866 or later.

• Extended—Uses the proprietary RADIUS protocol of HP.

When the RADIUS server runs IMC, you must set the RADIUS server type to extended. When the RADIUS

server runs third-party RADIUS server software, either RADIUS server type applies.

Follow these steps to set the supported RADIUS server type:

To do… Use the command…

Remarks

Enter system view system-view —

Enter RADIUS scheme view

radius scheme

radius-scheme-name

—

Specify the RADIUS server type

supported by the LB module

server-type { extended |

standard }

Optional

By default, the supported RADIUS

server type is standard.

NOTE:

Changing the RADIUS server type will restore the unit for data flows and that for packets that are sent to

the RADIUS server to the defaults.

Setting the status of RADIUS servers

By setting the status of RADIUS servers to blocked or active, you can control which servers the LB module

will communicate with for authentication, authorization, and accounting or turn to when the current

servers are not available any more. With both primary servers and secondary servers configured, the LB

module chooses servers based on these rules:

• When the primary server and secondary server are both in active state, the LB module

communicates with the primary server. If the primary server fails, the LB module changes the status

of the primary server to blocked and turns to the secondary server. When the quiet timer times out,

the LB module resumes the status of the primary server to active while keeping the status of the

secondary server unchanged. In the case of authentication/authorization, the LB module resumes

the communication with the primary server; in the case of accounting, however, the LB module

keeps communicating with the secondary server if accounting has already started, no matter

whether the primary server recovers or not.