HP A 5120 Manual
Page 31
| Task | Remarks |
|---|---|
| Configuring RADIUS accounting-on | Optional |
| Specifying a security policy server | Optional |
| Configuring interpretation of RADIUS class attribute as CAR parameters | Optional |
| Enabling the RADIUS trap function | Optional |
| Enabling the listening port of the RADIUS client | Optional |
| Displaying and maintaining RADIUS | Optional |

Creating a RADIUS scheme

Before performing other RADIUS configurations, follow these steps to create a RADIUS scheme and enter RADIUS scheme view:

To do… Use the...
Page 32
NOTE: If both the primary and secondary authentication/authorization servers are specified, the secondary one is used when the primary one is not reachable. If redundancy is not required, specify only the primary RADIUS authentication/authorization server. In practice, you may specify one RADIUS server as the primary authentication/authorization server, and up to 16 RADIUS servers as the secondary authentication/authorization servers, or specify a server as the primary...
Page 33
NOTE: The IP addresses of the primary and secondary accounting servers must be different from each other. Otherwise, the configuration fails. All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version. If you delete an accounting server serving users, the device can no longer send real-time accounting requests and stop-accounting requests for the users to that server, or buffer the stop-accounting requests. You can...
Page 34
NOTE: The maximum number of transmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75 seconds. For more information about the RADIUS server response timeout period, see “Setting timers for controlling communication with RADIUS servers.”

Setting the supported RADIUS server type

The supported RADIUS server type determines the type of the RADIUS protocol that the device uses to communicate with the RADIUS...
Page 35
accounting server, real-time accounting requests and stop-accounting requests of the user cannot be delivered to the server anymore. If you remove an authentication or accounting server in use, the communication of the device with the server will soon time out, and the device will look for a server in the active state from scratch: it checks the primary server (if any) first and then the secondary servers in the order they are configured. When the primary...
Page 36
Follow these steps to set the username format and the traffic statistics units for a RADIUS scheme:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | — |
| Set the format for usernames sent to the RADIUS servers | user-name-format { keep-original \| with-domain \| without-domain } | Optional. By default, the ISP domain name is included in the username. |

Specify the unit for data flows or packets sent to the RADIUS servers...
Page 37
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | — |
| Specify a source IP address for outgoing RADIUS packets | nas-ip { ip-address \| ipv6 ipv6-address } | Required. By default, the IP address of the outbound interface is used as the source IP address. |

Setting timers for controlling communication with RADIUS servers

The device uses the following types of timers to control the communication with a RADIUS server: Server...
Page 38
NOTE: For an access module, the maximum number of transmission attempts multiplied by the RADIUS server response timeout period must be less than the client connection timeout time and must not exceed 75 seconds. Otherwise, stop-accounting messages cannot be buffered, and the primary/secondary server switchover cannot take place. For example, because the client connection timeout time for voice access is 10 seconds, the product of the two parameters must be less than 10 seconds; because the...
Page 39
The NAS checks the validity of received control packets and accepts only control packets from known servers. To use a security policy server that is independent of the AAA servers, you must configure the IP address of the security policy server on the NAS. To implement all EAD functions, configure both the IP address of the iMC security policy server and that of the iMC configuration platform on the NAS.

Follow these steps to specify a security policy...
Page 40
The failure ratio is generally small. If you see a trap message triggered due to a higher failure ratio, check the configurations on the NAS and the RADIUS server and the communications between them.

Follow these steps to enable the RADIUS trap function:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the RADIUS trap function | radius trap { accounting-server-down \| authentication-error-threshold \| authentication-server-down } | Required. Disabled by... |