31
• When a number of secondary servers are configured, the client connections of access modules that
have a short client connection timeout period may still be timed out during initial authentication or
accounting, even if the packet transmission attempt limit and server response timeout period are
configured with small values. In this case, the next authentication or accounting attempt may
succeed because the switch has set the state of the unreachable servers to blocked and the time for
finding a reachable server is shortened.
• Be sure to set the server quiet timer properly. Too short a quiet timer may result in frequent
authentication or accounting failures because the switch has to repeatedly attempt to communicate
with an unreachable server that is in active state.
• For more information about the maximum number of RADIUS packet transmission attempts, see
"Setting the maximum number of RADIUS request transmission attempts."
Configuring RADIUS accounting-on
The accounting-on feature enables a switch to send accounting-on packets to the RADIUS server after it
reboots, making the server log out users who logged in through the switch before the reboot. Without this
feature, users who were online before the reboot cannot re-log in after the reboot, because the RADIUS
server considers they are already online.
If a switch sends an accounting-on packet to the RADIUS server but receives no response, it resends the
packet to the server at a particular interval for a specified number of times.
To configure the accounting-on feature for a RADIUS scheme:
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter RADIUS scheme
view.
radius scheme
radius-scheme-name
N/A
3. Enable accounting-on and
configure parameters.
accounting-on enable
[ interval seconds | send
send-times ] *
Disabled by default.
The default interval is 3 seconds and the
default number of send-times is 50.
NOTE:
The accounting-on feature requires the cooperation of the HP IMC network management system.
Configuring the IP address of the security policy server
The core of the HP EAD solution is integration and cooperation, and the security policy server is the
management and control center. Using a collection of software, the security policy server provides
functions such as user management, security policy management, security status assessment, security
cooperation control, and security event audit.
The NAS checks the validity of received control packets and accepts only control packets from known
servers. To use a security policy server that is independent of the AAA servers, you must configure the IP
address of the security policy server on the NAS. To implement all EAD functions, configure both the IP
address of the security policy server and that of the IMC Platform on the NAS.
To configure the IP address of the security policy server for a scheme:
Step Command Remarks
1. Enter system view. system-view N/A
To Next Page
Loading...
Need help?
General
