HP (Hewlett-Packard) 2600 Switch User Manual


 
RADIUS Authentication and Accounting
Configuring the Switch for RADIUS Authentication
Note- This step assumes you have already configured the RADIUS server(s) to
support the switch. Refer to the documentation provided with the
RADIUS server documentation.)
Server IP address
(Optional) UDP destination port for authentication requests (default:
1812; recommended)
(Optional) UDP destination port for accounting requests (default:
1813; recommended)
(Optional) encryption key for use during authentication sessions with
a RADIUS server. This key overrides the global encryption key you
can also configure on the switch, and must match the encryption key
used on the specified RADIUS server. (Default: null)
3. Configure the global RADIUS parameters.
Server Key: This key must match the encryption key used on the
RADIUS servers the switch contacts for authentication and account-
ing services unless you configure one or more per-server keys.
(Default: null.)
Timeout Period: The timeout period the switch waits for a RADIUS
server to reply. (Default: 5 seconds; range: 1 to 15 seconds.)
Retransmit Attempts: The number of retries when there is no server
response to a RADIUS authentication request. (Default: 3; range of 1
to 5.)
Server Dead-Time: The period during which the switch will not send
new authentication requests to a RADIUS server that has failed to
respond to a previous request. This avoids a wait for a request to time
out on a server that is unavailable. If you want to use this feature,
select a dead-time period of 1 to 1440 minutes. (Default: 0—disabled;
range: 1 - 1440 minutes.) If your first-choice server was initially
unavailable, but then becomes available before the dead-time expires,
you can nullify the dead-time by resetting it to zero and then trying to
log on again. As an alternative, you can reboot the switch, (thus
resetting the dead-time counter to assume the server is available) and
then try to log on again.
Number of Login Attempts: This is actually an aaa authentication
command. It controls how many times in one session a RADIUS client
(as well as clients using other forms of access) can try to log in with
the correct username and password. (Default: Three times per ses-
sion.)
(For RADIUS accounting features, refer to “Configuring RADIUS Accounting”
on page 5-17.)
5-7