R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

128

If you remove an accounting server being used by users, the firewall no longer sends real-time

accounting requests and stop-accounting requests for the users, and does not buffer the stop-accounting

requests.

NOTE:

• The shared key configured by this command takes precedence over that configured by using the key

accounting [ cipher | simple ]

key

command.

• The VPN specified by this command takes precedence over the VPN specified for the RADIUS scheme.

Related commands: key and vpn-instance (RADIUS scheme view).

Examples

# For RADIUS scheme radius1, set the IP address of the primary accounting server to 10.110.1.2, the UDP

port to 1813, and the shared key to the plaintext string IT8Q4sHnitM=, and specify to display the key in

cipher text.

<Sysname> system-view

[Sysname] radius scheme radius1

[Sysname-radius-radius1] primary accounting 10.110.1.2 1813 key cipher IT8Q4sHnitM=

primary authentication (RADIUS scheme view)

Syntax

primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key

| vpn-instance vpn-instance-name ] *

undo primary authentication

View

RADIUS scheme view

Default level

2: System level

Parameters

ipv4-address: IPv4 address of the primary authentication/authorization server.

ipv6 ipv6-address: IPv6 address of the primary authentication/authorization server.

port-number: Service port number of the primary authentication/authorization server, a UDP port

number in the range of 1 to 65535. The default setting is 1812.

key [ cipher | simple ] key: Specifies the shared key (case-sensitive) for exchanging authentication and

authorization packets with the primary RADIUS authentication/authorization server. Follow these

guidelines:

• This shared key must be the same as that configured on the RADIUS server.

• With the cipher keyword specified, the key must be a ciphertext string of 12, 24, 32, 44, 64, 76, 88,

or 96 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!, and the key is displayed in cipher

text.

• With the simple keyword specified, the key must be a plaintext string of 1 to 64 characters, for

example aabbcc, and the key is displayed in plain text. The FIPS mode does not support the simple

keyword.