HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 39
Configuring the IP address of the security policy server
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 39 highlights
Step Command 1. Enter system view. system-view 2. Enter RADIUS scheme view. radius scheme radius-scheme-name 3. Enable accounting-on and configure parameters. accounting-on enable [ interval seconds | send send-times ] * Remarks N/A N/A Disabled by default. The default interval is 3 seconds and the default number of send-times is 50. NOTE: The accounting-on feature requires the cooperation of the HP IMC network management system. Configuring the IP address of the security policy server The core of the HP EAD solution is integration and cooperation, and the security policy server is the management and control center. Using a collection of software, the security policy server provides functions such as user management, security policy management, security status assessment, security cooperation control, and security event audit. The NAS checks the validity of received control packets and accepts only control packets from known servers. To use a security policy server that is independent of the AAA servers, you must configure the IP address of the security policy server on the NAS. To implement all EAD functions, configure both the IP address of the security policy server and that of the IMC Platform on the NAS. To configure the IP address of the security policy server for a scheme: Step 1. Enter system view. 2. Enter RADIUS scheme view. 3. Specify a security policy server. Command system-view Remarks N/A radius scheme radius-scheme-name N/A security-policy-server ip-address No security policy server is specified by default. Configuring interpretation of RADIUS class attribute as CAR parameters According to RFC 2865, a RADIUS server assigns the RADIUS class attribute (attribute 25) to a RADIUS client. However, the RFC only requires the RADIUS client to send the attribute to the accounting server on an "as is" basis. It does not require the RADIUS client to interpret the attribute. Some RADIUS servers use the class attribute to deliver the assigned committed access rate (CAR) parameters. In this case, the switch must interpret the attribute as the CAR parameters to implement user-based traffic monitoring and controlling. To configure the switch to interpret the RADIUS class attribute as CAR parameters: Step 1. Enter system view. 2. Enter RADIUS scheme view. 3. Interpret the class attribute as CAR parameters. Command system-view radius scheme radius-scheme-name attribute 25 car Remarks N/A N/A By default, RADIUS attribute 25 is not interpreted as CAR parameters. 29