HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 192
radius-server dyn-autz-port, Change of Authorization messages CoA or Disconnect
View all HP 6120G/XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 192 highlights
RADIUS Authentication, Authorization, and Accounting Configuring the Switch for RADIUS Authentication [dyn-authorization] Enables or disables the processing of Disconnect and Change of Authorization messages from this host. When enabled, the RADIUS server can dynamically terminate or change the authorization parameters (such as VLAN assignment) used in an active client session on the switch. The UDP port specified in the radius-server dyn-autz-port command (defaults to 3799) is the port used to listen for Change of Authorization messages (CoA) or Disconnect messages (DM). See Change-of-Authorization on page 5-45. Default: Disabled [key < key-string >] Optional. Specifies an encryption key for use during authentication (or accounting) sessions with the specified server. This key must match the encryption key used on the RADIUS server. Use this command only if the specified server requires a different encryption key than configured for the global encryption key. Note: Formerly, when you saved the configuration file using Xmodem (Xmodem is supported over OA, Onboard Administrator, but not over USB) or TFTP, the RADIUS encryption key information was not saved in the file. This caused RADIUS authentication to break when the startup configuration file was loaded back onto the switch. You now can save the configured RADIUS shared secret (encryption) key to a configuration file by entering the following commands: include-credentials write memory For more information, see "Saving Security Credentials in a Config File" on page 2-10 in this guide. no radius-server host < ip-address > key Use the no form of the command to remove the key for a specified server. For example, suppose you have configured the switch as shown in figure 5-4 and you now need to make the following changes: 1. Change the encryption key for the server at 10.33.18.127 to "source0127". 5-16