Filter
Top Products
Working with public access attributes
Defining and retrieving site attributes
Enable the Retrieve attributes using RADIUS option to configure the following
parameters:
RADIUS profile: Select a RADIUS profile. The profile is used to establish the connection
to a RADIUS server. RADIUS profiles are defined by selecting Service controller >>
Authentication > RADIUS profiles.
RADIUS username: Specify the username of the RADIUS account assigned to the
service controller.
RADIUS password / Confirm password: Specify the password of the RADIUS account
assigned to the service controller.
Accounting: Enable this option to have the service controller generate a RADIUS
accounting request ON/OFF each time its authentication state changes.
Retrieved attributes override configured attributes: Enable this option to have
attributes retrieved from the RADIUS server overwrite settings defined in the
Configured attributes table.
Retrieval interval: Specify the number of minutes between attribute retrievals. The
service controller retrieves attributes from its RADIUS account each time this interval
expires.
To avoid potential service interruptions that may occur when new attributes are
activated by the service controller, it is strongly recommends that you use a large interval
(12 hours or more).
You can override the value configured on this page by using the RADIUS attribute
Session-timeout, which enables the following strategy: Configure Retrieval interval
to a small value (10 to 20 minutes) and set the RADIUS attribute Session-timeout to
override it with a large value (12 hours) when authentication is successful. Since the
Retrieval interval is also respected for Access Reject packets, this configuration results
in a short reauthentication interval in the case of failure, and a long one in the case of
success.
Last retrieved: Shows the amount of time that has passed since the service controller
last retrieved attributes.
Retrieve Now: Select to force the service controller to contact the RADIUS server and
retrieve attributes.
Configured attributes
HP ProCurve has defined a vendor-specific RADIUS attribute to support configuration of the
public access interface and user accounts. This attribute conforms to RADIUS RFC 2865 and
is called the Colubris AV-Pair.
Multiple instances of the Colubris AV-Pair attribute can be defined to configure a variety of
settings. Each instance is called an AV-Pair value. This table lists all AV-Pair values that are
defined on the service controller.
9-4