HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 36
Specifying the source IP address for outgoing RADIUS packets, communicate with any server.
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
If the quiet timer of a server expires or you manually set the server to the active state, the status of the server changes back to active, but the device does not check the server again during the authentication or accounting process. If no server is found reachable during one search process, the device considers the authentication or accounting attempt a failure. • If you remove an authentication or accounting server in use, the communication of the device with the server soon times out, and the device looks for a server in active state by first checking the primary server, and then checking secondary servers in the order they are configured. • When the primary server and secondary servers are all in blocked state, the device does not communicate with any server. • If one server is in active state and all the others are in blocked state, the device only tries to communicate with the server in active state, even if the server is unavailable. • If the status of a RADIUS server changes automatically, the device changes the status of this server accordingly in all RADIUS schemes in which this server is specified. By default, the device sets the status of all RADIUS servers to active. In some cases, however, you must change the status of a server. For example, if a server fails, you can change the status of the server to blocked to avoid communication attempts to the server. To set the status of RADIUS servers: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RADIUS scheme view. radius scheme radius-scheme-name N/A • Set the status of the primary RADIUS authentication server: state primary authentication { active | block } • Set the status of the primary RADIUS Configure at least one command. accounting server: state primary accounting { active | By default, every server block } specified in a RADIUS scheme • Set the status of a secondary RADIUS is in active state. 3. Set the RADIUS server status. authentication server: state secondary authentication The configured server status cannot be saved to any [ ip-address [ port-number | configuration file, and can vpn-instance vpn-instance-name ] * ] only be viewed by using the { active | block } display radius scheme • Set the status of a secondary RADIUS accounting server: command. After the device restarts, all servers are state secondary accounting restored to the active state. [ ip-address [ port-number | vpn-instance vpn-instance-name ] * ] { active | block } Specifying the source IP address for outgoing RADIUS packets The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address of a managed NAS. If yes, the server processes the packet. If not, the server drops the packet. 27