R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
Examples
# For RADIUS scheme radius1, set the IP address of the secondary accounting server to 10.110.1.1, the
UDP port to 1813, and the shared key to the ciphertext string IT8Q4sHnitM=, and specify to display the
key in cipher text.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary accounting 10.110.1.1 1813 key cipher IT8Q4sHnitM=
# For RADIUS scheme radius2, specify two secondary accounting servers with the server IP addresses of
10.110.1.1 and 10.110.1.2 and the UDP port number of 1813. Set the shared keys to plaintext string hello,
and specify to display the keys in cipher text.
<Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary accounting 10.110.1.1 1813 key hello
[Sysname-radius-radius2] secondary accounting 10.110.1.2 1813 key hello
secondary authentication (RADIUS scheme view)
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]
View
RADIUS scheme view
Default level
2: System level
Parameters
ipv4-address: IPv4 address of the secondary authentication/authorization server, in dotted decimal
notation.
ipv6 ipv6-address: IPv6 address of the secondary authentication/authorization server.
port-number: Service port number of the secondary authentication/authorization server, a UDP port
number in the range of 1 to 65535. The default setting is 1812.
key [ cipher | simple ] key: Specifies the shared key (case-sensitive) for exchanging
authentication/authorization packets with the secondary RADIUS authentication/authorization server.
Follow these guidelines:
• This shared key must be the same as that configured on the RADIUS server.
• With the cipher keyword specified, the key must be a ciphertext string of 12, 24, 32, 44, 64, 76, 88,
or 96 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!, and the key is displayed in cipher
text.
• With the simple keyword specified, the key must be a plaintext string of 1 to 64 characters, for
example aabbcc, and the key is displayed in plain text. The FIPS mode does not support the simple
keyword.
• With neither the cipher keyword nor the simple keyword specified, the key must be a plaintext string
of 1 to 64 characters, and the key is displayed in cipher text.
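The key and port rules above can be checked offline before a configuration is pushed to a device. The following Python sketch is an added example, not part of the HP documentation; the function name check_secondary_auth and the wording of its findings are assumptions, and it assumes keys contain no spaces.

```python
import ipaddress
# Ciphertext key lengths listed in the guidelines above.
CIPHER_LENGTHS = {12, 24, 32, 44, 64, 76, 88, 96}

def check_secondary_auth(line, fips=False):
    """Return a list of findings for one 'secondary authentication' line."""
    tok, findings = line.split(), []
    if tok[:2] != ["secondary", "authentication"]:
        return ["not a secondary authentication command"]
    tok = tok[3:] if tok[2:3] == ["ipv6"] else tok[2:]
    if not tok:
        return ["missing server address"]
    try:
        ipaddress.ip_address(tok[0])
    except ValueError:
        findings.append(f"invalid server address {tok[0]!r}")
    i = 1
    while i < len(tok):
        if tok[i] == "key" and i + 1 < len(tok):
            # 'cipher'/'simple' is a mode keyword only when a key follows it.
            has_mode = tok[i + 1] in ("cipher", "simple") and i + 2 < len(tok)
            mode = tok[i + 1] if has_mode else None
            key = tok[i + 2] if has_mode else tok[i + 1]
            if mode == "cipher":
                if len(key) not in CIPHER_LENGTHS:
                    findings.append(f"cipher key length {len(key)} is not allowed")
            else:
                if not 1 <= len(key) <= 64:
                    findings.append(f"plaintext key length {len(key)} outside 1-64")
                if mode == "simple":
                    findings.append("key is displayed in plain text")
                    if fips:
                        findings.append("simple keyword not supported in FIPS mode")
            i += 3 if has_mode else 2
        elif tok[i] == "vpn-instance" and i + 1 < len(tok):
            i += 2
        else:
            if not tok[i].isdigit():
                findings.append(f"unexpected token {tok[i]!r}")
            elif not 1 <= int(tok[i]) <= 65535:
                findings.append(f"port {tok[i]} outside 1-65535")
            i += 1
    return findings

# Constructed sample lines, not taken from a real device configuration.
SAMPLE = [
    "secondary authentication 10.110.1.2 1812 key cipher IT8Q4sHnitM=",
    "secondary authentication 10.110.1.2 70000 key simple aabbcc",
    "secondary authentication ipv6 2001:db8::1 key hello",
]
```

An empty list means the line satisfies the documented rules; pass fips=True to also reject the simple keyword.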