Manualshelf

R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
919293949596979899100
79
Use undo secondary accounting to remove the configuration.
Syntax
secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key
| vpn-instance vpn-instance-name ] *
undo secondary accounting [ ipv4-address | ipv6 ipv6-address ]
Default
No secondary RADIUS accounting server is specified.
Views
RADIUS scheme view
Default command level
2: System level
Parameters
ipv4-address: Specifies the IPv4 address of the secondary RADIUS accounting server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary RADIUS accounting server, which must
be a valid global unicast address.
port-number: Specifies the service port number of the secondary RADIUS accounting server, which is a
UDP port number. The value range for the port number is 1 to 65535, and the default is 1813.
key [ cipher | simple ] key: Specifies the shared key for secure communication with the secondary
RADIUS accounting server.
cipher key: Specifies a ciphertext shared key, which is a case-sensitive ciphertext string of 1 to 117
characters.
simple key: Specifies a plaintext shared key, which is a case-sensitive string of 1 to 64 characters.
If neither cipher nor simple is specified, you set a plaintext shared key string.
In FIPS mode, the shared key must be at least eight characters and contain digits, uppercase letters,
lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary RADIUS accounting
server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the
server is on the public network, do not specify this option.
Usage guidelines
Make sure the port number and shared key settings of the secondary RADIUS accounting server are the
same as those configured on the server.
You can configure up to 16 secondary RADIUS accounting servers for a RADIUS scheme. After the
configuration, if the primary server fails, the device looks for a secondary server in active state (a
secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate
with it.
The IP addresses of the accounting servers and those of the authentication/authorization servers must be
of the same IP version.
The IP addresses of the primary and secondary accounting servers must be different from each other.
Otherwise, the configuration fails.
The shared key configured by this command takes precedence over that configured by using the key
accounting [ cipher | simple ] key command.