Security-Policy-Server - HP A-U200 Command Reference Manual

Unified threat management products

page of 148

/ 148
Contents
Table of Contents
Bookmarks

Table of Contents

Use

the

authentication/authorization server.

By default, no secondary RADIUS authentication/authorization server is specified.

You can configure up to 16 secondary RADIUS authentication/authorization servers for a RADIUS

scheme by executing this command repeatedly. After the configuration, if the primary server fails, the

device looks for a secondary server in active state (a secondary RADIUS authentication/authorization

server configured earlier has a higher priority) and tries to communicate with it.

The IP addresses of the authentication/authorization servers and those of the accounting servers must be

of the same IP version.

The IP addresses of the primary and secondary authentication/authorization servers must be different

from each other. Otherwise, the configuration fails.

If you remove a secondary authentication server in use in the authentication process, the communication

with the secondary server will time out, and the device will look for a server in active state from the

primary server on.

NOTE:

The shared key configured by this command takes precedence over that configured by using the key

accounting

Related commands: key and state.

Examples

# For RADIUS scheme radius1, set the IP address of the secondary authentication/authorization server

to 10.1 10.1.2, the UDP port to 1812.

<Sysname> system-view

[Sysname] radius scheme radius1

[Sysname-radius-radius1] secondary authentication 10.110.1.2 1812

# Specify two secondary authentication/authorization servers for RADIUS scheme radius2, with the

server IP addresses of 10.1 10.1.1 and 10.1 10.1.2, and the UDP port number of 1813..

<Sysname> system-view

[Sysname] radius scheme radius2

[Sysname-radius-radius2] secondary authentication 10.110.1.1 1812

[Sysname-radius-radius2] secondary authentication 10.110.1.2 1812