RADIUS Authentication and Accounting

Configuring the Switch for RADIUS Authentication

Syntax: aaa authentication num-attempts < 1 - 10 >

Specifies how many tries for entering the correct user- name and password before shutting down the session due to input errors. (Default: 3; Range: 1 - 10).

[no] radius-server

key < global-key-string >

Specifies the global encryption key the switch uses with servers for which the switch does not have a server- specific key assignment. This key is optional if all RADIUS server addresses configured in the switch include a server-specific encryption key. (Default: Null.)

dead-time < 1 - 1440 >

Optional. Specifies the time in minutes during which the switch will not attempt to use a RADIUS server that has not responded to an earlier authentication attempt. (Default: 0; Range: 1 - 1440 minutes)

radius-server timeout < 1 - 15 >

 

Specifies the maximum time the switch waits for a

 

response to an authentication request before counting

 

the attempt as a failure. (Default: 3 seconds; Range: 1

 

- 15 seconds)

 

radius-server retransmit < 1 - 5 >

 

If a RADIUS server fails to respond to an authentica-

 

tion request, specifies how many retries to attempt

 

before closing the session. Default: 3; Range: 1 - 5)

 

 

N o t e

Where the switch has multiple RADIUS servers configured to support authen-

 

tication requests, if the first server fails to respond, then the switch tries the

 

next server in the list, and so-on. If none of the servers respond, then the switch

 

attempts to use the secondary authentication method configured for the type

 

of access being attempted (console, Telnet, or SSH). If this occurs, refer to

 

“RADIUS-Related Problems” in the Troubleshooting chapter of the Manage-

 

ment and Configuration Guide for your switch.

 

 

5-13

Page 113
Image 113
HP 4100gl, 2650 (J4899A/B), 2626 (J4900A/B), 2600-PWR, 6108 manual T e