HP (Hewlett-Packard) 2500 Switch User Manual


 
112
Enhancements in Release F.04.08
Configuring RADIUS Authentication and Accounting
radius-server retransmit < 1 .. 5 > If a RADIUS server fails to respond to an
authentication request, specifies how many
retries to attempt before closing the session.
(Default: 3; Range: 1 - 5)
Note
Where the switch has multiple RADIUS servers configured to support authentication requests, if the
first server fails to respond, then the switch tries the next server in the list, and so-on. If none of the
servers respond, then the switch attempts to use the secondary authentication method configured
for the type of access being attempted (console, Telnet, or SSH). If this occurs, see “Troubleshooting
SSH Operation” on page 101.
For example, suppose that your switch is configured to use three RADIUS servers for authenticating
access through Telnet and SSH. Two of these servers use the same encryption key. In this case your
plan is to configure the switch with the following global authentication parameters:
Allow only two tries to correctly enter username and password.
Use the global encryption key to support the two servers that use the same key. (For this
example, assume that you did not configure these two servers with a server-specific key.)
Use a dead-time of five minutes for a server that fails to respond to an authentication request.
Allow three seconds for request timeouts.
Allow two retries following a request that did not receive a response.
Figure 45. Example of Global Configuration Exercise for RADIUS Authentication