R0106-HP MSR Router Series Security Configuration Guide(V7)

Configuring RADIUS schemes
A RADIUS scheme specifies the RADIUS servers that the device can work with and defines a set of
parameters. The device uses the parameters to exchange information with the RADIUS servers, including
the server IP addresses, UDP port numbers, shared keys, and server types.
Configuration task list
Tasks at a glance
(Optional.) Configuring a test profile for RADIUS server status detection
(Required.) Creating a RADIUS scheme
(Required.) Specifying the RADIUS authentication servers
(Optional.) Specifying the RADIUS accounting servers and the relevant parameters
(Optional.) Specifying the shared keys for secure RADIUS communication
(Optional.) Specifying a VPN for the scheme
(Optional.) Setting the username format and traffic statistics units
(Optional.) Setting the maximum number of RADIUS request transmission attempts
(Optional.) Setting the status of RADIUS servers
(Optional.) Specifying the source IP address for outgoing RADIUS packets
(Optional.) Setting RADIUS timers
(Optional.) Configuring the accounting-on feature
(Optional.) Configuring the IP addresses of the security policy servers
(Optional.) Interpreting the RADIUS class attribute as CAR parameters
(Optional.) Configuring the attribute 15 check mode for SSH, FTP, and terminal users
(Optional.) Enabling SNMP notifications for RADIUS
(Optional.) Displaying and maintaining RADIUS
Configuring a test profile for RADIUS server status detection
You can configure a test profile on the device to detect whether a RADIUS authentication server is
reachable at a specific detection interval. To detect the RADIUS server status, you must configure the
RADIUS server to use this test profile in a RADIUS scheme.
With the test profile specified, the device periodically sends a detection packet to the RADIUS server,
one per detection interval. The detection packet is a simulated authentication request that includes the
user name specified in the test profile.
If the device receives a response from the server within the interval, it sets the server to the active
state.
If the device does not receive any response from the server within the interval, it sets the server to the
blocked state.
The device refreshes the RADIUS server status at each detection interval according to the detection result.
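The detection logic described above can be reproduced from a monitoring host to cross-check what the device reports. The following is an added example, not code from the guide or the device: it builds an RFC 2865 Access-Request carrying the test user name and maps the result to active or blocked. Counting a reject as a response and verifying the Response Authenticator are assumptions of this example, and the address, shared key, user name, and dummy password are constructed values.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code and attribute types

def build_probe(username, secret, ident, request_auth):
    """Build an Access-Request that carries the test profile's user name."""
    name = username.encode()
    # RFC 2865 5.2 password hiding; b"probe" is a constructed dummy password.
    pad = hashlib.md5(secret + request_auth).digest()
    hidden = bytes(p ^ d for p, d in zip(b"probe".ljust(16, b"\x00"), pad))
    attrs = struct.pack("!BB", USER_NAME, 2 + len(name)) + name
    attrs += struct.pack("!BB", USER_PASSWORD, 2 + len(hidden)) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def classify(reply, ident, request_auth, secret):
    """Map one detection result to the server state used in the text."""
    if reply is None or len(reply) < 20 or reply[1] != ident:
        return "blocked"                      # no usable response in the interval
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return "blocked"                      # malformed length field
    reply = reply[:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    # Accept and Reject both prove reachability; a forged reply does not.
    return "active" if hmac.compare_digest(expected, reply[4:20]) else "blocked"

def probe_once(server, username, secret, wait_seconds=3.0):
    """Send one detection packet to (host, port) and return 'active' or 'blocked'."""
    ident, request_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(wait_seconds)
        try:
            sock.sendto(build_probe(username, secret, ident, request_auth), server)
            reply, _ = sock.recvfrom(4096)
        except OSError:                       # timeout or ICMP unreachable
            reply = None
    return classify(reply, ident, request_auth, secret)

if __name__ == "__main__":
    # Constructed values: documentation address, sample secret and user name.
    print(probe_once(("192.0.2.10", 1812), "detect-user", b"example-secret"))
```

Run it at the same interval as the test profile and compare the result with the server state shown on the device.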
The device stops detecting the status of the RADIUS server when one of the following operations is
performed:
The RADIUS server is removed from the RADIUS scheme.