Support User Manuals

HP (Hewlett-Packard) 2500 Switch User Manual

Open as PDF

of 270

111

Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

3. Configure the Switch’s Global RADIUS Parameters

You can configure the switch for the following global RADIUS parameters:

■ Number of login attempts: In a given session, specifies how many tries at entering the

correct username and password pair are allowed before access is denied and the session

terminated. (This is a general aaa authentication parameter and is not specific to RADIUS.)

■ Global server key: The server key the switch will use for contacts with all RADIUS servers

for which there is not a server-specific key configured by radius-server host < ip-address > key

< key-string >. This key is optional if you configure a server-specific key for each RADIUS

server entered in the switch. (Refer to “2. Configure the Switch To Access a RADIUS Server”

on page 109.)

■ Server timeout: Defines the time period in seconds for authentication attempts. If the

timeout period expires before a response is received, the attempt fails.

■ Server dead time: Specifies the time in minutes during which the switch avoids requesting

authentication from a server that has not responded to previous requests.

■ Retransmit attempts: If the first attempt to contact a RADIUS server fails, specifies how

many retries you want the switch to attempt on that server.

Syntax: aaa authentication num-attempts <1 .. 10 > Specifies how many tries for entering the

correct username and password before

shutting down the session due to input errors.

(Default: 3; Range: 1 - 10)

[no] radius-server

key < global-key-string > Specifies the global encryption key the switch

uses for sessions with servers for which the

switch does not have a server-specific key

assignment. This key is optional if all RADIUS

server addresses configured in the switch

include a server-specific encryption key.

(Default: Null.)

dead-time < 1 .. 1440 > Optional. Specifies the time in minutes during

which the switch will not attempt to use a

RADIUS server that has not responded to

an earlier authentication attempt. (Default: 0;

Range: 1 - 1440 minutes)

radius-server timeout < 1 .. 15 > Specifies the maximum time the switch waits

for a response to an authentication request

before counting the attempt as a failure.

(Default: 3 seconds; Range: 1 - 15 seconds)

previous next