Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
51525354555657585960
43
Views
RADIUS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IPv4 address of the secondary RADIUS authentication server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary RADIUS authentication server.
port-number: Sets the service port number of the secondary RADIUS authentication server, a UDP port
number in the range of 1 to 65535. The default setting is 1812.
key { cipher | simple } string: Sets the shared key for secure communication with the secondary RADIUS
authentication server.
cipher string: Sets a ciphertext shared key. The string argument is case sensitive. In non-FIPS mode,
the key is a string of 1 to 117 characters. In FIPS mode, the key is a string of 15 to 117 characters.
simple string: Sets a plaintext shared key. The string argument is case sensitive. In non-FIPS mode,
the key is a string of 1 to 64 characters. In FIPS mode, the key is a string of 15 to 64 characters and
must contain numbers, uppercase letters, lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary RADIUS
authentication server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters.
If the server is on the public network, do not specify this option.
Usage guidelines
Make sure that the port number and shared key settings of each secondary RADIUS authentication server
are the same as those configured on the corresponding server.
You can configure up to 16 secondary RADIUS authentication servers for a RADIUS scheme. With the
configuration, if the primary server fails, the device looks for a secondary server in active state (a
secondary RADIUS authentication server configured earlier has a higher priority) and tries to
communicate with it.
Two authentication servers specified for a scheme, primary or secondary, cannot have identical IP
address, port number, and VPN settings.
The shared key configured by this command takes precedence over the shared key configured by using
the key authentication command.
If the specified server resides on an MPLS L3VPN, specify the VPN by using the vpn-instance
vpn-instance-name option. The VPN specified by this command takes precedence over the VPN
specified for the RADIUS scheme.
If you use the secondary authentication command to modify or delete a secondary authentication server
during an authentication process, communication with the secondary server times out, and the device
looks for an active server with the highest priority for authentication.
For security purpose, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.
Examples
# For RADIUS scheme radius1, specify a secondary authentication server with the IP address 10.110.1.2
and the UDP port 1812.
<Sysname> system-view