6-17
RADIUS Authentication, Authorization, and Accounting
Configuring the Switch for RADIUS Authentication
For example, suppose you have configured the switch as shown in figure 6-4
and you now need to make the following changes:
1. Change the encryption key for the server at 10.33.18.127 to “source0127”.
2. Add a RADIUS server with an IP address of 10.33.18.119 and a server-
specific encryption key of “source0119”.
Figure 6-4. Sample Configuration for RADIUS Server Before Changing the Key and Adding Another Server
To make the changes listed prior to figure 6-4, you would do the following:
[time-window <0-65535>]
The time window in seconds within which the received
dynamic authorization requests are considered to be cur-
rent and accepted for processing. A zero value means there
is no time limit. A non-zero value indicates that the even-
timestamp attribute is expected as part of all Change of
Authorization and Disconnect request messages. If the
timestamp attribute is not present the message is dropped.
Default: 300 seconds.
no radius-server host < ip-address > key
Use the no form of the command to remove the key for a
specified server.
HP Switch(config)# radius-server host 10.22.18.127 key source0127
HP Switch(config)# radius-server host 10.22.18.119 key source0119
HP Switch# show radius
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 5
Retransmit Attempts : 3
Global Encryption Key :
Dynamic Authorization UDP Port : 3799
Source IP Selection : Outgoing Interface
Auth Acct DM/ Time
Server IP Addr Port Port CoA Window Encryption Key OOBM
--------------- ---- ---- --- ------ -------------------------------- -----
10.33.18.127 1812 1813 No 300 TempKey01 No
To Next Page
Loading...
Need help?
General
