R21xx-HP FlexFabric 11900 Security Command Reference

Two accounting servers specified for a scheme, primary or secondary, cannot have identical IP address,
port number, and VPN settings.
The shared key configured by this command takes precedence over the shared key configured by using
the key accounting command.
If the specified server resides on an MPLS L3VPN, specify the VPN by using the vpn-instance
vpn-instance-name option. The VPN specified by this command takes precedence over the VPN
specified for the RADIUS scheme.
If you use the secondary accounting command to modify or delete a secondary accounting server to
which the device is sending a start-accounting request, communication with the secondary server times
out, and the device looks for an active server with the highest priority for accounting.
If you remove an actively used accounting server, the device no longer sends users' real-time accounting
requests and stop-accounting requests, and does not buffer the stop-accounting requests.
For security purposes, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.
Examples
# For RADIUS scheme radius1, specify a secondary accounting server with the IP address 10.110.1.1 and
the UDP port 1813.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary accounting 10.110.1.1 1813
# For RADIUS scheme radius2, specify two secondary accounting servers with the server IP addresses of
10.110.1.1 and 10.110.1.2 and the UDP port number of 1813.
<Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary accounting 10.110.1.1 1813
[Sysname-radius-radius2] secondary accounting 10.110.1.2 1813
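The usage guidelines above (server-level key and VPN take precedence over the scheme-level settings; no two accounting servers may share IP address, port number, and VPN) can be checked offline against a configuration file before it is applied. The script below is an added example, not part of the HP reference or HP code. The helper name audit_accounting, the sample configuration, the option layout for the accounting commands, the default port of 1813, and the use of the effective VPN for the duplicate comparison are assumptions.

```python
import ipaddress

# Constructed sample, not from the page. Assumes "primary/secondary accounting"
# take the option layout shown for "secondary authentication", and that the
# scheme-level key command reads "key accounting { cipher | simple } string".
SAMPLE = """\
radius scheme radius2
 vpn-instance corp
 key accounting cipher CONSTRUCTED-SCHEME-KEY
 primary accounting 10.110.1.1 1813
 secondary accounting 10.110.1.1 1813 vpn-instance mgmt
 secondary accounting 10.110.1.2 key cipher CONSTRUCTED-SERVER-KEY
 secondary accounting 10.110.1.1 vpn-instance corp
"""
DEFAULT_ACCT_PORT = 1813  # assumption: used when a server line gives no port

def audit_accounting(text):
    """Hypothetical helper: return (servers, duplicates) for one RADIUS scheme."""
    scheme_vpn, scheme_key, raw = None, False, []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["vpn-instance"] and len(tok) == 2:
            scheme_vpn = tok[1]                      # scheme-wide VPN
        elif tok[:2] == ["key", "accounting"]:
            scheme_key = True                        # key value is never stored
        elif tok[1:2] == ["accounting"] and tok[0] in ("primary", "secondary"):
            raw.append(tok)
    servers, seen, duplicates = [], {}, []
    for tok in raw:                                  # resolve after the whole scheme is read
        rest = tok[3:] if tok[2] == "ipv6" else tok[2:]
        ip, opts = str(ipaddress.ip_address(rest[0])), rest[1:]
        port, vpn, key_source = DEFAULT_ACCT_PORT, scheme_vpn, "scheme" if scheme_key else None
        i = 0
        while i < len(opts):
            if opts[i] == "vpn-instance":
                vpn, i = opts[i + 1], i + 2          # server-level VPN takes precedence
            elif opts[i] == "key":
                key_source, i = "server", i + 3      # skip cipher|simple and the string
            elif opts[i].isdigit():
                port, i = int(opts[i]), i + 1
            else:
                raise ValueError(f"unexpected option {opts[i]!r}")
        ident = (ip, port, vpn)                      # assumption: effective VPN is compared
        if ident in seen:
            duplicates.append((seen[ident], tok[0], ident))
        seen.setdefault(ident, tok[0])
        servers.append({"role": tok[0], "ip": ip, "port": port,
                        "vpn": vpn, "key_source": key_source})
    return servers, duplicates
```

Calling audit_accounting(SAMPLE) reports the last secondary server as a duplicate of the primary one: the two lines look different, but they resolve to the same IP address, port, and VPN once the default port and the scheme-level VPN are applied.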
Related commands
display radius scheme
key (RADIUS scheme view)
primary accounting (RADIUS scheme view)
vpn-instance (RADIUS scheme view)
secondary authentication (RADIUS scheme view)
Use secondary authentication to specify a secondary RADIUS authentication server.
Use undo secondary authentication to remove a secondary RADIUS authentication server.
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple }
string | vpn-instance vpn-instance-name ] *
undo secondary authentication [ { ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance
vpn-instance-name ] * ]
Default
No secondary RADIUS authentication server is specified.