Manualshelf

R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
919293949596979899100
80
In FIPS mode, the shared key specified in this command is encrypted and decrypted through 3DES.
If the specified server resides on an MPLS VPN, specify the VPN by using the vpn-instance
vpn-instance-name option. The VPN specified by this command takes precedence over the VPN
specified for the RADIUS scheme.
If you remove a secondary accounting server when the device has already sent a start-accounting
request to the server, the communication with the secondary server times out, and the device looks for a
server in active state from the primary server on.
If you remove an accounting server being used by online users, the device can no longer send real-time
accounting requests or stop-accounting requests for the users, and it does not buffer the stop-accounting
requests.
For security purposes, all shared keys, including keys configured in plain text, are saved in ciphertext.
Examples
# For RADIUS scheme radius1, specify two secondary accounting servers with the server IP addresses of
10.110 .1.1 a n d 10 .110.1.2 and the UDP port number of 1813. Set the shared keys to hello in plain text.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary accounting 10.110.1.1 1813 key hello
[Sysname-radius-radius1] secondary accounting 10.110.1.2 1813 key hello
# For RADIUS scheme radius2, set the IP address of the secondary accounting server to 10.110 .1.1, t h e
UDP port to 1813, and the shared key to $c$3$NMCbVjyIutaV6csCOGp4zsKRTlg2eT3B in ciphertext.
<Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary accounting 10.110.1.1 1813 key cipher
$c$3$NMCbVjyIutaV6csCOGp4zsKRTlg2eT3B
Related commands
key (RADIUS scheme view)
state
vpn-instance (RADIUS scheme view)
secondary authentication (RADIUS scheme view)
Use secondary authentication to specify a secondary RADIUS authentication/authorization server.
Use undo secondary authentication to remove the configuration.
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ]
key | probe username name [ interval interval ] | vpn-instance vpn-instance-name ] *
undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]
Default
No secondary RADIUS authentication/authorization server is specified.
Views
RADIUS scheme view