2-34
Controlling Management Access to the ProCurve Secure Router
Using the AAA Subsystem to Control Management Access
From this context, use the following command to add RADIUS servers to
the group:
Syntax: server <hostname | A.B.C.D> [acct-port <port> | auth-port <port> ]
Either replace <hostname> with the RADIUS server’s hostname or replace
<A.B.C.D> with the RADIUS server’s IP address.
Include the acct-port or the auth-port option if you want to change the
default ports that the ProCurve Secure Router uses to send information to the
RADUIS server. By default, the router uses port 1813 for accounting updates
and port 1812 for authorization updates.
The following examples add servers to the myServers group:
ProCurve(config)# aaa group server radius myServers
ProCurve(config-sg-radius)# server 1.2.3.4
ProCurve(config-sg-radius)# server 4.3.2.1
ProCurve(config-sg-radius)# exit
or
ProCurve(config)# aaa group server radius myServers
ProCurve(config-sg-radius)# server 2.2.2.2
ProCurve(config-sg-radius)# exit
You must use the radius-server command to define RADIUS servers before
you can add them to a group. If a server is added to a named group but is not
defined by a radius-server command, the router simply bypasses that server
in the list.
Empty RADIUS groups are not saved. When the last server is removed from a
group, the Secure Router OS automatically deletes the group.
Configure Global Settings for RADIUS Servers
You can configure global settings that will be applied to all RADIUS servers
defined on the router. However, if you configure specific settings for a RADIUS
server, these settings will override the global settings.
To configure global settings, you use the radius-server command, but you do
not specify a particular server. Instead, you use the following command
syntax:
Syntax: radius-server [challenge-noecho | deadtime <minutes> | enable-username
<name> | key <key> | retry <attempts> | timeout <seconds>]
To Next Page
Loading...
Need help?
General
