HP 5920 Series Configuration Manual page 42
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
The security policy server is the management and control center of the HP EAD solution. To implement all
EAD functions, configure both the IP address of the security policy server and that of the IMC Platform on
the NAS.
To configure the IP address of a security policy server for a scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme
view.
3.
Specify a security policy
server.
Configuring the Login-Service attribute check method for SSH, FTP, and terminal users
The device supports the following check methods for the Login-Service attribute (RADIUS attribute 15) of
SSH, FTP, and terminal users:
Strict—Matches Login-Service attribute values 50, 51, and 52 for SSH, FTP, and terminal services,
•
respectively.
Loose—Matches the standard Login-Service attribute value 0 for SSH, FTP, and terminal services.
•
An Access-Accept packet received for a user must contain the matching attribute value. Otherwise, the
user cannot log in to the device.
Use the loose check method only when the server does not issue Login-Service attribute values 50, 51,
and 52 for SSH, FTP, and terminal users.
To configure the Login-Service attribute check method for SSH, FTP, and terminal users:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Configure the Login-Service
attribute check method for
SSH, FTP, and terminal users.
Enabling SNMP notifications for RADIUS
When SNMP notifications are enabled for RADIUS, the SNMP agent supports the following notifications
generated by RADIUS:
RADIUS server unreachable notification—The RADIUS server cannot be reached. RADIUS
•
generates this notification if it cannot receive any response to an accounting or authentication
request within the specified RADIUS request transmission attempts.
RADIUS server reachable notification—The RADIUS server can be reached. RADIUS generates this
•
notification for a previously blocked RADIUS server after the quiet timer expires.
Excessive authentication failures notification—The number of authentication failures to the total
•
number of authentication attempts exceeds the specified threshold.
Command
system-view
radius scheme radius-scheme-name
security-policy-server { ipv4-address
| ipv6 ipv6-address } [ vpn-instance
vpn-instance-name ]
Command
system-view
radius scheme
radius-scheme-name
attribute 15 check-mode { loose |
strict }
31
Remarks
N/A
N/A
By default, no security policy server
is specified for a scheme.
You can specify up to eight security
policy servers for a RADIUS scheme.
Remarks
N/A
N/A
The default check method is strict.
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Table of Contents
Troubleshooting
