HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 195
RADIUS Authentication, Authorization, and Accounting, dead-time < 1 - 1440 >
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 195 highlights
Note RADIUS Authentication, Authorization, and Accounting Configuring the Switch for RADIUS Authentication dead-time < 1 - 1440 > Optional. Specifies the time in minutes during which the switch will not attempt to use a RADIUS server that has not responded to an earlier authentication attempt. (Default: 0; Range: 1 - 1440 minutes) dyn-autz-port Specifies the UDP port number that listens for Change of Authorization or Disconnect messages. The range of ports is 1024-49151. See Change-of-Authorization on page 5-45. Default: 3799 radius-server timeout < 1 - 15 > Specifies the maximum time the switch waits for a response to an authentication request before counting the attempt as a failure. (Default: 3 seconds; Range: 1 - 15 seconds) radius-server retransmit < 1 - 5 > If a RADIUS server fails to respond to an authentica tion request, specifies how many retries to attempt before closing the session. Default: 3; Range: 1 - 5) Where the switch has multiple RADIUS servers configured to support authen tication requests, if the first server fails to respond, then the switch tries the next server in the list, and so-on. If none of the servers respond, then the switch attempts to use the secondary authentication method configured for the type of access being attempted (console, Telnet, or SSH). If this occurs, refer to "RADIUS-Related Problems" in the Troubleshooting chapter of the Manage ment and Configuration Guide for your switch. For example, suppose that your switch is configured to use three RADIUS servers for authenticating access through Telnet and SSH. Two of these servers use the same encryption key. In this case your plan is to configure the switch with the following global authentication parameters: ■ Allow only two tries to correctly enter username and password. ■ Use the global encryption key to support the two servers that use the same key. (For this example, assume that you did not configure these two servers with a server-specific key.) ■ Use a dead-time of five minutes for a server that fails to respond to an authentication request. 5-19