HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 35
Setting the status of RADIUS servers
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 35 highlights
servers in active state. If no other servers are in active state at the time, it considers the authentication or accounting attempt a failure. For more information about RADIUS server states, see "Setting the status of RADIUS servers." To set the maximum number of RADIUS request transmission attempts for a scheme: Step 1. Enter system view. 2. Enter RADIUS scheme view. 3. Set the maximum number of RADIUS request transmission attempts. Command system-view radius scheme radius-scheme-name retry retry-times Remarks N/A N/A Optional. The default setting is 3. NOTE: • The maximum number of transmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75 seconds. • For more information about the RADIUS server response timeout period, see "Setting timers for controlling communication with RADIUS servers." Setting the status of RADIUS servers By setting the status of RADIUS servers to blocked or active, you can control which servers the switch communicates with for authentication, authorization, and accounting or turn to when the current servers are no longer available. In practice, you can specify one primary RADIUS server and multiple secondary RADIUS servers, with the secondary servers functioning as the backup of the primary servers. Generally, the switch chooses servers based on these rules: • When the primary server is in active state, the switch communicates with the primary server. If the primary server fails, the switch changes the server's status to blocked and starts a quiet timer for the server, and then turns to a secondary server in active state (a secondary server configured earlier has a higher priority). If the secondary server is unreachable, the switch changes the server's status to blocked, starts a quiet timer for the server, and continues to check the next secondary server in active state. This search process continues until the switch finds an available secondary server or has checked all secondary servers in active state. If the quiet timer of a server expires or an authentication or accounting response is received from the server, the status of the server changes back to active automatically, but the switch does not check the server again during the authentication or accounting process. If no server is found reachable during one search process, the switch considers the authentication or accounting attempt a failure. • Once the accounting process of a user starts, the switch keeps sending the user's real-time accounting requests and stop-accounting requests to the same accounting server. If you remove the accounting server, real-time accounting requests and stop-accounting requests for the user are no longer delivered to the server. • If you remove an authentication or accounting server in use, the communication of the switch with the server soon times out, and the switch looks for a server in active state from scratch by checking any primary server first and then secondary servers in the order they are configured. • When the primary server and secondary servers are all in blocked state, the switch communicates with the primary server. If the primary server is available, its status changes to active. Otherwise, its status remains to be blocked. 25