HP-UX AAA Server A.08.02 Administrator's Guide
Table 13 Add Access Device Configuration Form Options (continued)
Option    Function
host name. When specifying Name as a DNS host name, you must use the name returned
by the hostname command.
Notes:
• Ensure that your DNS is configured correctly (with both forward and reverse entries)
for your AAA server. The AAA server determines the name of the machine that it is
running on. If this name does not match your local DNS server's database, you
cannot configure the access device correctly.
• You can use wildcards to provide access for all traditional IP (IPv4) clients in a
particular subnet. Examples of valid IPv4 wildcard patterns are:
*
192.*
192.0.*
192.0.2.*
• You can use wildcards to provide access for all IPv6 clients in a particular subnet.
The allowed IPv6 wildcard patterns are constructed by appending an ‘*’ to a partial
IPv6 address or by specifying a single ‘*’. Examples of valid IPv6 wildcard patterns
are:
*
fedc:ba98:7654:3210:fe*
fedc:ba98:7654:3210*
The special IPv6 syntax of compressing zeroes using "::" is not allowed in IPv6
Wildcard patterns. For example: ‘fedc::ba98:fe*’ is not allowed.
Shared Secret
    Enter the shared secret, or the encryption key between the client and the server. The
    shared secret must be less than 255 characters. A request from a client for which the
    server does not have a shared secret is silently discarded.
Confirm Shared Secret
    Confirm the secret by typing it again.
Dynamic Authorization Relay Port
    Enter the UDP port number of the dynamic authorization server to which the HP-UX AAA
    Server must send the dynamic authorization requests. The default value is 3799.
Retry Count
    Enter the number of client retry requests the HP-UX AAA Server must send to perform a
    client function, such as Disconnect or Change of Authorization. The default value is 2.
Retry Interval
    Specifies the time interval between two successive client requests. The HP-UX AAA Server
    sends a client retry request at the end of the specified retry interval if the initial request
    does not receive a response from the respective server. The default value is 3.
Vendor
    Enter the vendor-specific attributes that must be returned to the access device in a reply.
    In most applications, you can select the hardware vendor of the device or Generic if
    the device is not listed. You can make multiple selections by holding down the control
    key as you select vendor names.
    The server prunes vendor-specific attributes for a given vendor if that vendor’s name is
    not properly defined in the vendors file, and its attributes are not properly defined in
    the dictionary file.
    NOTE: The Generic vendor prunes all vendor-specific attributes before a message is
    returned to a NAS. This attribute can be used to help prevent problems that occur if an
    unencapsulated vendor attribute is not correctly mapped in the vendors file.
    IMPORTANT: To define a wireless access point using the MS-CHAP protocol, you must
    select Microsoft as one of the vendor selections.
Options
    Select any of the check boxes to specify additional message-handling options. Following
    are the options:
    RAD_RFC     Verifies that the Access-Request conforms with the RADIUS RFC.
                Nonconforming messages are dropped.
    ACCT_RFC    Verifies that the Accounting-Request conforms with the Accounting RFC.
                Nonconforming messages are dropped.
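The wildcard rules in the Name notes above can be checked before client entries are added. The following is an added example, not part of this guide or of the HP-UX AAA Server: a Python check that rejects patterns outside the documented forms and flags very broad ones. The `min_fixed` threshold, the sample entries, and the restriction of IPv4 wildcards to octet boundaries are assumptions.

```python
import re

HEX_GROUP = re.compile(r"[0-9a-fA-F]{1,4}")
# Constructed sample Name entries (not taken from a real configuration).
SAMPLE = ["nas1.example.com", "192.0.2.*", "192.*", "*",
          "fedc:ba98:7654:3210:fe*", "fedc::ba98:fe*"]

def classify(pattern):
    """Return (family, fixed) for a wildcard Name entry, or raise ValueError.

    fixed = number of fully specified octets (IPv4) or 16-bit groups (IPv6);
    0 means the pattern admits any client."""
    if pattern == "*":
        return ("any", 0)
    if not pattern.endswith("*") or pattern.count("*") != 1:
        raise ValueError("wildcard must be a single trailing '*'")
    body = pattern[:-1]
    if "::" in body:
        raise ValueError("'::' zero compression is not allowed in wildcard patterns")
    if ":" in body:
        groups = body.split(":")
        last = groups[-1]
        if (len(groups) > 8
                or not all(HEX_GROUP.fullmatch(g) for g in groups[:-1])
                or (last and not HEX_GROUP.fullmatch(last))):
            raise ValueError("malformed partial IPv6 address")
        # A trailing group counts as fixed only when all four hex digits are given.
        return ("ipv6", len(groups) - 1 + (len(last) == 4))
    # Assumption: IPv4 wildcards sit on octet boundaries, as in the guide's examples.
    if not body.endswith("."):
        raise ValueError("IPv4 wildcard must follow a '.'")
    octets = body[:-1].split(".")
    if len(octets) > 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("malformed partial IPv4 address")
    return ("ipv4", len(octets))

def audit(entries, min_fixed=2):
    """Return (entry, finding) pairs for wildcard entries that are invalid or too broad.
    min_fixed is a hypothetical site policy, not a server setting."""
    findings = []
    for name in entries:
        if "*" not in name:
            continue  # plain host name or address: outside the wildcard rules
        try:
            family, fixed = classify(name)
        except ValueError as exc:
            findings.append((name, f"invalid: {exc}"))
            continue
        if fixed < min_fixed:
            findings.append((name, f"broad: {family} pattern fixes only {fixed} unit(s)"))
    return findings
```

Every client matched by a wildcard entry is accepted under that entry's single shared secret, so the broad findings are the ones to review first.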
70 Configuring RADIUS Clients Using the Access Devices Screen