RADIUS Authentication and Accounting

Configuring RADIUS Accounting

If access to a RADIUS server fails during a session, but after the client has been authenticated, the switch continues to assume the server is available to receive accounting data. As a result, the server does not receive the accounting data the switch transmits for the remainder of that session.

Steps for Configuring RADIUS Accounting

1. Configure the switch for accessing a RADIUS server.

You can configure a list of up to three RADIUS servers (one primary, two backup). The switch operates on the assumption that a server can operate in both accounting and authentication mode. (Refer to the documentation for your RADIUS server application.)

• Use the same radius-server host command that you would use to configure RADIUS authentication. Refer to “2. Configure the Switch To Access a RADIUS Server” on page 3-10.

• Provide the following:

  - A RADIUS server IP address.

  - Optional—a UDP destination port for authentication requests. Otherwise the switch assigns the default UDP port (1812; recommended).

  - Optional—if you are also configuring the switch for RADIUS authentication, and need a unique encryption key for use during authentication sessions with the RADIUS server you are designating, configure a server-specific key. This key overrides the global encryption key you can also configure on the switch, and must match the encryption key used on the specified RADIUS server. For more information, refer to the "[key < key-string >]" parameter on page 3-10. (Default: null)

2. Configure accounting types and the controls for sending reports to the RADIUS server.

• Accounting types: exec (page 3-17), network (page 3-16), or system (page 3-17)

• Trigger for sending accounting reports to a RADIUS server: At session start and stop or only at session stop

3. (Optional) Configure session blocking and interim updating options

• Updating: Periodically update the accounting data for sessions-in-progress

• Suppress accounting: Block the accounting session for any unknown user with no username access to the switch
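The following is an added example, not taken from this manual or from the switch software. It shows a server-side check for the accounting gaps the options above are meant to expose: sessions that went silent without a Stop report, Stop reports with no Start under the start-and-stop trigger, and sessions with no username. The attribute names Acct-Status-Type, Acct-Session-Id and User-Name come from RFC 2866; the record layout, the audit function, the finding labels and the sample data are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, as a RADIUS server might log them:
# (time received, Acct-Status-Type, Acct-Session-Id, User-Name)
RECORDS = [
    ("2024-05-01T09:00:00", "Start",          "s1", "alice"),
    ("2024-05-01T09:10:00", "Interim-Update", "s1", "alice"),
    ("2024-05-01T09:20:00", "Stop",           "s1", "alice"),
    ("2024-05-01T09:05:00", "Start",          "s2", "bob"),
    ("2024-05-01T09:15:00", "Interim-Update", "s2", "bob"),    # then silence
    ("2024-05-01T09:30:00", "Stop",           "s3", "carol"),  # Start never arrived
    ("2024-05-01T09:40:00", "Start",          "s4", ""),       # no username
    ("2024-05-01T09:55:00", "Stop",           "s4", ""),
]
NOW = datetime.fromisoformat("2024-05-01T10:00:00")  # constructed audit time

def audit(records, now, interim=timedelta(minutes=10), start_stop=True):
    """Return {session_id: [findings]} for sessions with accounting gaps.

    interim    -- periodic update interval configured on the switch (assumed)
    start_stop -- True if reports are sent at session start and stop,
                  False if only at session stop
    """
    sessions = defaultdict(list)
    for ts, status, sid, user in sorted(records):  # ISO times sort in order
        sessions[sid].append((datetime.fromisoformat(ts), status, user))

    findings = {}
    for sid, events in sessions.items():
        statuses = [status for _, status, _ in events]
        issues = []
        # A Stop with no Start means a report was lost (start-and-stop only).
        if start_stop and "Start" not in statuses:
            issues.append("missing-start")
        # No Stop and no update for two intervals: the server has lost
        # sight of the session (one missed update is tolerated).
        if "Stop" not in statuses and now - events[-1][0] > 2 * interim:
            issues.append("silent-no-stop")
        # Sessions the suppress option would have blocked.
        if any(user == "" for _, _, user in events):
            issues.append("null-username")
        if issues:
            findings[sid] = issues
    return findings

if __name__ == "__main__":
    print(audit(RECORDS, NOW))
```

Without interim updating, a session such as s2 cannot be told apart from one that is simply long-lived, which is why the silent-session check depends on the update interval.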
