R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

149

• When the primary server and secondary server are both in blocked state, the LB module

communicates with the primary server. If the primary server is available, its status changes to active;

otherwise, the status of the primary server remains the same.

• If one server is in active state while the other is in blocked state, the LB module only tries to

communicate with the server in active state, even if the server is unavailable.

By default, the LB module sets the status of each RADIUS server configured with an IP address to active.

You can manually change the status of a server as needed. For example, to use the secondary server for

authentication, you need to change the status of the primary server to blocked while leaving the

secondary server in active state.

Follow these steps to set the status of RADIUS servers:

To do… Use

the command…

Remarks

Enter system view system-view —

Enter RADIUS scheme view

radius scheme

radius-scheme-name

—

Set the status of the primary RADIUS

authentication/authorization server

state primary authentication

{ active | block }

Optional

active for every server

configured with IP

address in the RADIUS

scheme

Set the status of the primary RADIUS

accounting server

state primary accounting { active |

block }

Set the status of the secondary RADIUS

authentication/authorization server

state secondary authentication

{ active | block }

Set the status of the secondary RADIUS

accounting server

state secondary accounting { active

| block }

NOTE:

The server status set by the state command cannot be saved in the confi

uration file and will be restored

to active every time the server restarts.

Configuring the username format and traffic statistics units

A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP

domain the user belongs to and is used by the LB module to determine which users belong to which ISP

domains. However, some earlier RADIUS servers cannot recognize usernames that contain an ISP

domain name. In this case, the LB module must remove the domain name of each username before

sending the username. You can set the username format on the LB module for this purpose.

The LB module periodically sends accounting updates to RADIUS accounting servers to report the traffic

statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows

and that for packets on the LB module are consistent with those on the RADIUS server.

Follow these steps to set the username format and the traffic statistics units for a RADIUS scheme:

To do… Use the command…

Remarks

Enter system view system-view —

Enter RADIUS scheme view

radius scheme

radius-scheme-name

—