23
To do… Use the command… Remarks
Enable the device to buffer
stop-accounting requests to
which no responses are
received
stop-accounting-buffer enable
Optional
Enabled by default
Set the maximum number of
stop-accounting attempts
retry stop-accounting retry-times
Optional
500 by default
Set the maximum number of
real-time accounting attempts
retry realtime-accounting retry-times
Optional
5 by default
NOTE:
• The IP addresses of the primary and secondary accounting servers must be different from each other.
Otherwise, the configuration fails.
• All servers for authentication/authorization and accountings, primary or secondary, must use IP
addresses of the same IP version.
• If you delete an accounting server serving users, the device can no longer send real-time accounting
requests and stop-accounting requests for the users to that server, or buffer the stop-accountin
requests.
• You can specify a RADIUS accounting server as the primary accounting server for one scheme and as
the secondary accounting server for another scheme at the same time.
• RADIUS does not support accounting for FTP users.
Setting the shared keys for RADIUS packets
The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between
them and use shared keys to verify the packets. They must use the same shared key for the same type of
packets.
A shared key configured in this task is for all servers of the same type (accounting or authentication) in
the scheme, and has a lower priority than a shared key configured individually for a RADIUS server.
Follow these steps to set the shared keys for RADIUS packets:
To do… Use the command… Remarks
Enter system view system-view —
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Set the shared key for RADIUS
authentication/authorization or
accounting packets
key { accounting | authentication }
[ cipher | simple ] key
Required
No shared key by default
NOTE:
shared key confi
ured on the device must be the same as that configured on the RADIUS server.
Setting the maximum number of RADIUS request transmission attempts
Because RADIUS uses UDP packets to transfer data, the communication process is not reliable. RADIUS
uses a retransmission mechanism to improve reliability. If a NAS sends a RADIUS request to a RADIUS
server but receives no response before the response timeout timer expires, it retransmits the request. If the
number of transmission attempts exceeds the specified limit but it still receives no response, it tries to
To Next Page
Loading...
