HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 107
Configuration procedure, Con X
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
• The RADIUS server response timeout time is five seconds and the maximum number of RADIUS packet retransmission attempts is five. The Device sends real-time accounting packets to the RADIUS server at 15-minute intervals, and sends usernames without domain names to the RADIUS server. Configure port Ten-GigabitEthernet 1/1/5 of the device to allow only one 802.1X user and a user that uses one of the specified OUI values to be authenticated. Figure 36 Network diagram Configuration procedure The following configuration steps cover some AAA/RADIUS configuration commands. For more information about the commands, see Security Command Reference. Make sure the host and the RADIUS server can reach each other. 1. Configure AAA: # Configure a RADIUS scheme named radsun. system-view [Device] radius scheme radsun [Device-radius-radsun] primary authentication 192.168.1.2 [Device-radius-radsun] primary accounting 192.168.1.3 [Device-radius-radsun] secondary authentication 192.168.1.3 [Device-radius-radsun] secondary accounting 192.168.1.2 [Device-radius-radsun] key authentication simple name [Device-radius-radsun] key accounting simple money [Device-radius-radsun] timer response-timeout 5 [Device-radius-radsun] retry 5 [Device-radius-radsun] timer realtime-accounting 15 [Device-radius-radsun] user-name-format without-domain [Device-radius-radsun] quit # Configure ISP domain sun. [Device] domain sun [Device-isp-sun] authentication lan-access radius-scheme radsun [Device-isp-sun] authorization lan-access radius-scheme radsun [Device-isp-sun] accounting lan-access radius-scheme radsun [Device-isp-sun] quit 2. Configure 802.1X: # Set the 802.1X authentication method to CHAP. (This step is optional. By default, the authentication method is CHAP for 802.1X.) 98