beautypg.com

Enabling snmp notifications for radius – H3C Technologies H3C S6300 Series Switches User Manual

Page 46

background image

31

Step Command

Remarks

3.

Specify a security policy
server.

security-policy-server { ipv4-address
| ipv6 ipv6-address }

By default, no security policy server
is specified for a scheme.
You can specify a maximum of eight
security policy servers for a RADIUS

scheme.

Configuring the Login-Service attribute check method for SSH, FTP, and terminal users

The device supports the following check methods for the Login-Service attribute (RADIUS attribute 15) of

SSH, FTP, and terminal users:

Strict—Matches Login-Service attribute values 50, 51, and 52 for SSH, FTP, and terminal services,
respectively.

Loose—Matches the standard Login-Service attribute value 0 for SSH, FTP, and terminal services.

An Access-Accept packet received for a user must contain the matching attribute value. Otherwise, the

user cannot log in to the device.
Use the loose check method only when the server does not issue Login-Service attribute values 50, 51,

and 52 for SSH, FTP, and terminal users.
To configure the Login-Service attribute check method for SSH, FTP, and terminal users:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

3.

Configure the Login-Service
attribute check method for

SSH, FTP, and terminal users.

attribute 15 check-mode { loose |
strict }

The default check method is strict.

Enabling SNMP notifications for RADIUS

When SNMP notifications are enabled for RADIUS, the SNMP agent supports the following notifications

generated by RADIUS:

RADIUS server unreachable notification—The RADIUS server cannot be reached. RADIUS
generates this notification if it cannot receive any response to an accounting or authentication

request within the specified RADIUS request transmission attempts.

RADIUS server reachable notification—The RADIUS server can be reached. RADIUS generates this
notification for a previously blocked RADIUS server after the quiet timer expires.

Excessive authentication failures notification—The number of authentication failures to the total
number of authentication attempts exceeds the specified threshold.

You can configure SNMP parameters to control the output of these SNMP notifications. For more
information, see Network Management and Monitoring Configuration Guide.
To enable SNMP notifications for RADIUS:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: