Manualshelf

HP MSR2000/3000/4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
51525354555657585960
45
Examples
# For RADIUS scheme radius1, set the shared key for secure accounting communication to ok in plain
text.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] key accounting simple ok
Related commands
display radius scheme
nas-ip (RADIUS scheme view)
Use nas-ip to specify a source IP address for outgoing RADIUS packets.
Use undo nas-ip to delete a source IP address for outgoing RADIUS packets.
Syntax
nas-ip { ipv4-address | ipv6 ipv6-address }
undo nas-ip [ ipv6 ]
Default
The source IP address of an outgoing RADIUS packet is that specified by using the radius nas-ip
command in system view. If the radius nas-ip command is not configured, the source IP address is the IP
address of the outbound interface.
Views
RADIUS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address, which must be an address of the device and cannot be 0.0.0.0,
255.255.255.255, a class D address, a class E address, or a loopback address.
ipv6 ipv6-address: Specifies an IPv6 address, which must be a unicast address of the device and cannot
be a loopback address or a link-local address.
Usage guidelines
The source IP address of the RADIUS packets that a NAS sends must match the IP address of the NAS that
is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving
a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address
of a managed NAS. If it is, the server processes the packet. If it is not, the server drops the packet.
The setting configured by using the nas-ip command in RADIUS scheme view is effective only for the
RADIUS scheme, whereas that configured by using the radius nas-ip command in system view is effective
for all RADIUS schemes. The setting in RADIUS scheme view takes precedence over the setting in system
view.
If no source IP address is specified for outgoing RADIUS packets, packets returned from the server cannot
reach the device due to a physical port error. HP recommends you to configure a loopback interface
address as the source IP address for outgoing RADIUS packets.