HP VPN Firewall Appliances Access Control Configuration Guide

Step 3. Specify RADIUS accounting servers.
  Command:
    Specify the primary RADIUS accounting server:
      primary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
    Specify a secondary RADIUS accounting server:
      secondary accounting { ip-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key | vpn-instance vpn-instance-name ] *
  Remarks:
    Configure at least one command.
    No accounting server is specified by default.
    The IP addresses of the primary and secondary accounting servers must be different from each other. Otherwise, the configuration fails.
    All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.
    In FIPS mode, you cannot set a plaintext key, and the key must contain at least 8 characters comprising uppercase and lowercase letters, digits, and special characters.

Step 4. Set the maximum number of real-time accounting attempts.
  Command: retry realtime-accounting retry-times
  Remarks: Optional. The default setting is 5.

Step 5. Enable buffering of stop-accounting requests to which no responses are received.
  Command: stop-accounting-buffer enable
  Remarks: Optional. Enabled by default.

Step 6. Set the maximum number of stop-accounting attempts.
  Command: retry stop-accounting retry-times
  Remarks: Optional. The default setting is 500.

Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm and a shared key pair for packet
authentication and password encryption in a certain type of communication.
A shared key configured in RADIUS scheme view applies to all servers of the specified type (accounting
or authentication) in that scheme, and has a lower priority than those configured for individual RADIUS
servers.
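
The following added example (not part of the HP guide and not the appliance's own code) shows the two places where the shared key enters an MD5 computation, following RFC 2865 (User-Password hiding) and RFC 2866 (Accounting-Request authenticator). The key, request authenticator and attribute bytes are constructed sample values, and the function names are chosen for this illustration.

```python
import hashlib
import hmac
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse hide_password and strip the NUL padding."""
    if not hidden or len(hidden) % 16 or len(request_auth) != 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(prev, mask))
    return out.rstrip(b"\x00")

def accounting_request(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """RFC 2866: authenticator = MD5(code+id+length + 16 zero bytes + attrs + secret)."""
    header = struct.pack("!BBH", 4, identifier, 20 + len(attributes))
    auth = hashlib.md5(header + b"\x00" * 16 + attributes + secret).digest()
    return header + auth + attributes

def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Recompute the authenticator with the local key; a mismatch means drop."""
    if len(packet) < 20:
        return False
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values, not taken from the guide.
SECRET = b"Example-Key#1"
REQUEST_AUTH = bytes(range(16))
STOP_ATTRS = bytes([40, 6, 0, 0, 0, 2])  # Acct-Status-Type = Stop

if __name__ == "__main__":
    pkt = accounting_request(7, STOP_ATTRS, SECRET)
    print(verify_accounting_request(pkt, SECRET), verify_accounting_request(pkt, b"Other-Key#2"))
```

The shared key is the only secret input to each MD5 computation, so anyone who captures a packet can test candidate keys offline; the strength of the key directly bounds the protection these mechanisms give.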
To specify a shared key for secure RADIUS communication:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter RADIUS scheme view.
  Command: radius scheme radius-scheme-name
  Remarks: N/A