HP MSR2000/3000/4000 Router Series Security Configuration Guide

Configuring RADIUS schemes
A RADIUS scheme specifies the RADIUS servers that the device can work with and defines a set of
parameters that the device uses to exchange information with the RADIUS servers, including the IP
addresses of the servers, UDP port numbers, shared keys, and server types.
Configuration task list
Tasks at a glance
(Required.) Creating a RADIUS scheme
(Required.) Specifying the RADIUS authentication servers
(Optional.) Specifying the RADIUS accounting servers and the relevant parameters
(Optional.) Specifying the shared keys for secure RADIUS communication
(Optional.) Specifying a VPN for the scheme
(Optional.) Setting the username format and traffic statistics units
(Optional.) Setting the maximum number of RADIUS request transmission attempts
(Optional.) Setting the status of RADIUS servers
(Optional.) Specifying the source IP address for outgoing RADIUS packets
(Optional.) Setting RADIUS timers
(Optional.) Configuring the accounting-on feature
(Optional.) Configuring the IP addresses of the security policy servers
(Optional.) Displaying and maintaining RADIUS
Creating a RADIUS scheme
Create a RADIUS scheme before performing any other RADIUS configurations. You can configure up to
16 RADIUS schemes. A RADIUS scheme can be referenced by multiple ISP domains.
To create a RADIUS scheme:
Step                                             Command                            Remarks
1. Enter system view.                            system-view                        N/A
2. Create a RADIUS scheme and enter its view.    radius scheme radius-scheme-name   By default, no RADIUS scheme is defined.
Specifying the RADIUS authentication servers
A RADIUS authentication server completes authentication and authorization together, because
authorization information is piggybacked in authentication responses sent to RADIUS clients.
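The following Python sketch is an added example, not part of the HP guide or the router's software. It follows the RFC 2865 packet layout to show how a RADIUS client checks an Access-Accept against the shared key and then reads the authorization attributes carried in that same reply. The function names, the shared key, and the sample attribute values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
# RFC 2865 attribute types that carry authorization data in an Access-Accept
AUTHZ_ATTRS = {6: "Service-Type", 11: "Filter-Id", 27: "Session-Timeout", 28: "Idle-Timeout"}
SECRET = b"constructed-shared-key"   # constructed sample value
REQUEST_AUTH = bytes(range(16))      # constructed Request Authenticator


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def parse_access_accept(packet, request_auth, secret):
    """Verify the reply with the shared key, then return its authorization attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, length, request_auth, attrs, secret)
    if not hmac.compare_digest(packet[4:20], expected):
        raise ValueError("Response Authenticator mismatch: wrong key or altered reply")
    found, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_type in AUTHZ_ATTRS:
            value = attrs[pos + 2:pos + a_len]
            found[AUTHZ_ATTRS[a_type]] = value.decode() if a_type == 11 else int.from_bytes(value, "big")
        pos += a_len
    return found


def build_sample(secret, request_auth):
    """Constructed Access-Accept: Service-Type=Login(1), Session-Timeout=3600, Filter-Id."""
    attrs = bytes([6, 6]) + struct.pack("!I", 1) + bytes([27, 6]) + struct.pack("!I", 3600)
    attrs += bytes([11, 2 + len(b"mgmt-acl")]) + b"mgmt-acl"
    length = 20 + len(attrs)
    auth = response_authenticator(ACCESS_ACCEPT, 7, length, request_auth, attrs, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, 7, length) + auth + attrs
```

A reply built with a different shared key, or one whose attributes were changed in transit, fails the authenticator check before any authorization attribute is read.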
You can specify one primary authentication server and up to 16 secondary authentication servers for a
RADIUS scheme. When the primary server is not available, the device tries to communicate with the
secondary servers in the order they are configured, and communicates with the first secondary server in
active state. If redundancy is not required, specify only the primary server. A RADIUS authentication
server can function as the primary authentication server for one scheme and a secondary authentication
server for another scheme at the same time.
To specify RADIUS authentication servers for a RADIUS scheme: