R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

Step                               Command                               Remarks
1. Enter system view.              system-view                           N/A
2. Enter RADIUS scheme view.       radius scheme radius-scheme-name      N/A
3. Specify a shared key for        key { accounting | authentication }   No shared key is specified by default.
   authenticating RADIUS           [ cipher | simple ] key               In FIPS mode, the firewall supports only
   authentication/authorization                                          ciphertext shared keys of at least 8
   or accounting packets.                                                characters that must contain uppercase
                                                                         letters, lowercase letters, digits, and
                                                                         special characters.
NOTE:
A shared key configured on the firewall must be the same as that configured on the RADIUS server.
Specifying the VPN to which the servers belong
After you specify a VPN for a RADIUS scheme, all the authentication/authorization/accounting servers
specified for the scheme belong to the VPN. However, if you also specify a VPN when specifying a server
for the scheme, that server belongs to the VPN specified for it.
To specify a VPN for a RADIUS scheme:
Step                                       Command
1. Enter system view.                      system-view
2. Enter RADIUS scheme view.               radius scheme radius-scheme-name
3. Specify a VPN for the RADIUS scheme.    vpn-instance vpn-instance-name
Setting the supported RADIUS server type
The supported RADIUS server type determines the type of the RADIUS protocol that the firewall uses to
communicate with the RADIUS server. It can be standard or extended:
• Standard—Uses the standard RADIUS protocol, compliant with RFC 2865 and RFC 2866 or later.
• Extended—Uses the proprietary RADIUS protocol of HP.
When the RADIUS server runs on IMC, you must set the RADIUS server type to extended. When the
RADIUS server runs third-party RADIUS server software, either RADIUS server type applies. For the
firewall to function as a RADIUS server to authenticate login users, you must set the RADIUS server type
to standard.
To set the RADIUS server type:
Step                               Command                               Remarks
1. Enter system view.              system-view                           N/A
2. Enter RADIUS scheme view.       radius scheme radius-scheme-name      N/A