beautypg.com

H3C Technologies H3C S3600 Series Switches User Manual

Page 538

background image

2-22

online when the user re-logs into the network before the CAMS performs online user detection, and the

user cannot get authenticated. In this case, the user can access the network again only when the CAMS

administrator manually removes the user's online information.

The user re-authentication at restart function is designed to resolve this problem. After this function is

enabled, every time the switch restarts:

1) The switch generates an Accounting-On message, which mainly contains the following information:

NAS-ID, NAS-IP-address (source IP address), and session ID.

2) The switch sends the Accounting-On message to the CAMS at regular intervals.

3) Once the CAMS receives the Accounting-On message, it sends a response to the switch. At the

same time it finds and deletes the original online information of the users who were accessing the

network through the switch before the restart according to the information (NAS-ID,

NAS-IP-address and session ID) contained in the message, and ends the accounting for the users

depending on the last accounting update message.

4) Once the switch receives the response from the CAMS, it stops sending Accounting-On messages.

5) If the switch does not receive any response from the CAMS after it has tried the configured

maximum number of times to send the Accounting-On message, it will not send the Accounting-On

message any more.

The switch can automatically generate the main attributes (NAS-ID, NAS-IP-address and session ID)

contained in Accounting-On messages. However, you can also manually configure the NAS-IP-address

with the nas-ip command. If you choose to manually configure the attribute, be sure to configure an

appropriate valid IP address. If this attribute is not configured, the switch will automatically choose the

IP address of a VLAN interface as the NAS-IP-address.

Follow these steps to enable the user re-authentication at restart function:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter RADIUS scheme
view

radius scheme
radius-scheme-name

Enable the user
re-authentication at restart
function

accounting-on enable
[ send times | interval
interval ]

By default, this function is disabled.

If you use this command without any
parameter, the system will try at most
15 times to send an Accounting-On
message at the interval of three
seconds.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: