35
• Set an appropriate server quiet timer. Too short a quiet timer can result in frequent
authentication or accounting failures because the device keeps trying to communicate with an
unreachable server that is in active state.
To set RADIUS timers:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3. Set the RADIUS server
response timeout timer.
timer response-timeout
seconds
Optional.
The default RADIUS server
response timeout timer is 3
seconds.
4. Set the server quiet timer.
timer quiet
minutes
Optional.
The default server quiet timer is 5
minutes.
5. Set the real-time accounting
interval.
timer realtime-accounting
minutes
Optional.
The default real-time accounting
interval is 12 minutes.
Configuring RADIUS accounting-on
The accounting-on feature enables the device to send an accounting-on packet to the RADIUS
server after it reboots so the server can log out users who logged in through the device before the
reboot. Without this feature, users who were online before the reboot could not re-log in after the
reboot, because the RADIUS server would consider them already online.
If the device receives no response to the accounting-on packet, it re-sends the packet to the RADIUS
server at a particular interval for a specified number of times.
The accounting-on feature requires the cooperation of the HPE CAMS or IMC network management
system.
To configure the accounting-on feature for a RADIUS scheme:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter RADIUS scheme
view.
radius scheme
radius-scheme-name
N/A
3. Enable accounting-on and
configure parameters.
accounting-on enable
[
interval
seconds |
send
send-times ] *
Disabled by default.
The default interval is 3 seconds and the
default number of send-times is 5.
Configuring the IP address of the security policy server
The core of the HPE EAD solution is integration and cooperation. The security policy server is the
management and control center for EAD. Using a collection of software, the security policy server
provides functions such as user management, security policy management, security status
assessment, security cooperation control, and security event audit.
The NAS checks the validity of received control packets and accepts only control packets from
known servers. To use a security policy server that is independent of the AAA servers, you must
configure the IP address of the security policy server on the NAS. To implement all EAD functions,
configure both the IP address of the security policy server and the IP address of the IMC Platform on
the NAS.
To Next Page
Loading...
Need help?
General
