R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

127

undo primary accounting

View

RADIUS scheme view

Default level

2: System level

Parameters

ipv4-address: IPv4 address of the primary accounting server.

ipv6 ipv6-address: IPv6 address of the primary accounting server.

port-number: Service port number of the primary accounting server, a UDP port number in the range of

1 to 65535. The default setting is 1813.

key [ cipher | simple ] key: Specifies the shared key (case-sensitive) for exchanging accounting packets

with the primary RADIUS accounting server. Follow these guidelines:

• This shared key must be the same as that configured on the RADIUS server.

• With the cipher keyword specified, the key must be a ciphertext string of 12, 24, 32, 44, 64, 76, 88,

or 96 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!, and the key is displayed in cipher

text.

• With the simple keyword specified, the key must be a plaintext string of 1 to 64 characters, for

example aabbcc, and the key is displayed in plain text. The FIPS mode does not support the simple

keyword.

• With neither the cipher keyword nor the cipher keyword specified, the key must be a plaintext string

of 1 to 64 characters, and the key is displayed in cipher text.

• In FIPS mode, the key must be a ciphertext string of at least 8 characters that must contain uppercase

letters, lowercase letters, digits, and special characters, and is encrypted and decrypted with the

3DES algorithm.

vpn-instance vpn-instance-name: Specifies the VPN to which the primary RADIUS accounting server

belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the server is on the

public network, do not specify this option.

Description

Use primary accounting to specify the primary RADIUS accounting server.

Use undo primary accounting to remove the configuration.

By default, no primary RADIUS accounting server is specified.

The IP addresses of the accounting servers and those of the authentication/authorization servers must be

of the same IP version.

The IP addresses of the primary and secondary accounting servers must be different from each other.

Otherwise, the configuration fails.

If the specified server resides on a VPN, specify the VPN by using the vpn-instance vpn-instance-name

option.

If you change the primary accounting server when the firewall has already sent a start-accounting

request to the server, the communication with the primary server times out, and the firewall looks for a

server in active state from the new primary server on.