Specifying a security policy server – H3C Technologies H3C S7500E Series Switches User Manual
• For an access module, the maximum number of transmission attempts multiplied by the RADIUS
server response timeout period must be less than the client connection timeout and must not
exceed 75 seconds. Otherwise, stop-accounting messages cannot be buffered, and the
primary/secondary server switchover cannot take place. For example, because the client
connection timeout for voice access is 10 seconds, the product of the two parameters must
be less than 10 seconds; because the client connection timeout for Telnet access is 30
seconds, the product of the two parameters must be less than 30 seconds. For more information
about the timeout of a specific access module, see the corresponding configuration guide.
• For more information about the maximum number of RADIUS packet retransmission attempts,
see "Setting the maximum number of RADIUS request transmission attempts."
Specifying a security policy server
The core of the EAD solution is integration and cooperation, and the security policy server is the
management and control center. As a collection of software, the security policy server provides
functions such as user management, security policy management, security status assessment,
security cooperation control, and security event audit.
This task specifies the IP address of a security policy server. After that, the access
device accepts control packets only from the specified IP address. If the iMC configuration
platform, the authentication server, and the security policy server use the same IP address, you do
not need to perform this task.
To implement EAD, use the security-policy-server command to specify the IP addresses of the iMC
policy server and the iMC configuration platform.
Follow these steps to specify a security policy server:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | — |
| Specify a security policy server | security-policy-server ip-address | Required. Not specified by default. |

You can specify up to eight security policy servers for a RADIUS scheme.
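
As an added example (not part of the original manual), the following session specifies two security policy servers in one RADIUS scheme: one address for the iMC policy server and one for the iMC configuration platform. The device name Sysname, the scheme name ead1, and the addresses 192.0.2.10 and 192.0.2.11 are constructed placeholders.

```text
# Enter system view, then the view of the RADIUS scheme used for EAD.
<Sysname> system-view
[Sysname] radius scheme ead1
# Specify the iMC policy server (placeholder address).
[Sysname-radius-ead1] security-policy-server 192.0.2.10
# Specify the iMC configuration platform (placeholder address).
[Sysname-radius-ead1] security-policy-server 192.0.2.11
# Review the scheme settings and confirm that only the intended addresses are listed.
[Sysname-radius-ead1] display radius scheme ead1
```

Because the access device accepts control packets only from the addresses listed here, keep the list limited to the iMC hosts that actually need to send them.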
Configuring interpretation of RADIUS class attribute as CAR parameters
According to RFC 2865, a RADIUS server assigns the RADIUS class attribute (25) to a RADIUS client.
However, the RFC only requires the RADIUS client to send the attribute to the accounting server; it