HP (Hewlett-Packard) 2300 Switch User Manual


 
111
Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
3. Configure the Switch’s Global RADIUS Parameters
You can configure the switch for the following global RADIUS parameters:
Number of login attempts: In a given session, specifies how many tries at entering the
correct username and password pair are allowed before access is denied and the session
terminated. (This is a general aaa authentication parameter and is not specific to RADIUS.)
Global server key: The server key the switch will use for contacts with all RADIUS servers
for which there is not a server-specific key configured by radius-server host < ip-address > key
< key-string >. This key is optional if you configure a server-specific key for each RADIUS
server entered in the switch. (Refer to “2. Configure the Switch To Access a RADIUS Server”
on page 109.)
Server timeout: Defines the time period in seconds for authentication attempts. If the
timeout period expires before a response is received, the attempt fails.
Server dead time: Specifies the time in minutes during which the switch avoids requesting
authentication from a server that has not responded to previous requests.
Retransmit attempts: If the first attempt to contact a RADIUS server fails, specifies how
many retries you want the switch to attempt on that server.
Syntax: aaa authentication num-attempts <1 .. 10 > Specifies how many tries for entering the
correct username and password before
shutting down the session due to input errors.
(Default: 3; Range: 1 - 10)
[no] radius-server
key < global-key-string > Specifies the global encryption key the switch
uses for sessions with servers for which the
switch does not have a server-specific key
assignment. This key is optional if all RADIUS
server addresses configured in the switch
include a server-specific encryption key.
(Default: Null.)
dead-time < 1 .. 1440 > Optional. Specifies the time in minutes during
which the switch will not attempt to use a
RADIUS server that has not responded to
an earlier authentication attempt. (Default: 0;
Range: 1 - 1440 minutes)
radius-server timeout < 1 .. 15 > Specifies the maximum time the switch waits
for a response to an authentication request
before counting the attempt as a failure.
(Default: 3 seconds; Range: 1 - 15 seconds)