HP 830 Series - Protocols and Standards; Configuration Guidelines

To Next Page

To Previous Page

407

Figure 420 Format of attribute 26

Protocols and standards

• RFC 2865, Remote Authentication Dial In User Service (RADIUS)

• RFC 2866, RADIUS Accounting

• RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support

• RFC 2868, RADIUS Attributes for Tunnel Protocol Support

• RFC 2869, RADIUS Extensions

Configuration guidelines

When you configure the RADIUS client, follow these guidelines:

• Accounting for FTP users is not supported.

• If you remove the accounting server used for online users, the device cannot send real-time

accounting requests and stop-accounting messages for the users to the server, and the

stop-accounting messages are not buffered locally.

• The status of RADIUS servers, blocked or active, determines which servers the device will

communicate with or turn to when the current servers are not available. In practice, you can specify

one primary RADIUS server and multiple secondary RADIUS servers, with the secondary servers

that function as the backup of the primary servers. Typically, the device chooses servers based on

these rules:

{ When the primary server is in the active state, the device communicates with the primary server.

If the primary server fails, the device changes the state of the primary server to blocked, starts

a quiet timer for the server, and turns to a secondary server in the active state (a secondary

server configured earlier has a higher priority). If the secondary server is unreachable, the

device changes the state of the secondary server to blocked, starts a quiet timer for the server,

and continues to check the next secondary server in the active state. This search process

continues until the device finds an available secondary server or has checked all secondary

servers in the active state. If the quiet timer of a server expires or an authentication or

accounting response is received from the server, the status of the server changes back to active

automatically, but the device does not check the server again during the authentication or

accounting process. If no server is found reachable during one search process, the device

considers the authentication or accounting attempt a failure.

{ Once the accounting process of a user starts, the device keeps sending the user's real-time

accounting requests and stop-accounting requests to the same accounting server. If you remove

the accounting server, real-time accounting requests and stop-accounting requests for the user

can no longer be delivered to the server.

Related product manuals