Manualshelf

R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router
81828384858687888990
72
The setting configured by the nas-backup-ip command in RADIUS scheme view is only for the RADIUS
scheme, whereas the setting configured by the radius nas-backup-ip command in system view is for all
RADIUS schemes. The setting in RADIUS scheme view takes precedence.
Examples
# For a device working in stateful failover mode, set the source IP address and backup source IP address
for outgoing RADIUS packets to 2.2.2.2 and 3.3.3.3, respectively.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] nas-ip 2.2.2.2
[Sysname-radius-radius1] nas-backup-ip 3.3.3.3
On the backup device, you must set the source IP address and backup source IP address for outgoing
RADIUS packets to 3.3.3.3 and 2.2.2.2, respectively.
Related commands
nas-ip
radius nas-ip
nas-ip (RADIUS scheme view)
Use nas-ip to specify a source IP address for outgoing RADIUS packets.
Use undo nas-ip to restore the default.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip
Default
The source IP address of an outgoing RADIUS packet is that configured by the radius nas-ip command
in system view. If the radius nas-ip command is not configured, the source IP address is the IP address of
the outbound interface.
Views
RADIUS scheme view
Default command level
2: System level
Parameters
ipv4-address: IPv4 address in dotted decimal notation. It must be an address of the device and cannot
be 0.0.0.0, 255.255.255.255, a class D address, or a class E address.
ipv6 ipv6-address: Specifies an IPv6 address. It must be a unicast address of the device and cannot be
a link-local address.
Usage guidelines
The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS that
is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving
a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address
of any managed NAS. If it is, the server processes the packet. If it is not, the server drops the packet.