Support User Manuals

HP (Hewlett-Packard) 2600 Switch User Manual

Open as PDF

of 300

RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

Note- This step assumes you have already configured the RADIUS server(s) to

support the switch. Refer to the documentation provided with the

RADIUS server documentation.)

• Server IP address

• (Optional) UDP destination port for authentication requests (default:

1812; recommended)

• (Optional) UDP destination port for accounting requests (default:

1813; recommended)

• (Optional) encryption key for use during authentication sessions with

a RADIUS server. This key overrides the global encryption key you

can also configure on the switch, and must match the encryption key

used on the specified RADIUS server. (Default: null)

3. Configure the global RADIUS parameters.

• Server Key: This key must match the encryption key used on the

RADIUS servers the switch contacts for authentication and account-

ing services unless you configure one or more per-server keys.

(Default: null.)

• Timeout Period: The timeout period the switch waits for a RADIUS

server to reply. (Default: 5 seconds; range: 1 to 15 seconds.)

• Retransmit Attempts: The number of retries when there is no server

response to a RADIUS authentication request. (Default: 3; range of 1

to 5.)

• Server Dead-Time: The period during which the switch will not send

new authentication requests to a RADIUS server that has failed to

respond to a previous request. This avoids a wait for a request to time

out on a server that is unavailable. If you want to use this feature,

select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled;

range: 1 - 1440 minutes.) If your first-choice server was initially

unavailable, but then becomes available before the dead-time expires,

you can nullify the dead-time by resetting it to zero and then trying to

log on again. As an alternative, you can reboot the switch, (thus

resetting the dead-time counter to assume the server is available) and

then try to log on again.

• Number of Login Attempts: This is actually an aaa authentication

command. It controls how many times in one session a RADIUS client

(as well as clients using other forms of access) can try to log in with

the correct username and password. (Default: Three times per ses-

sion.)

(For RADIUS accounting features, refer to “Configuring RADIUS Accounting”

on page 5-17.)

5-7

previous next