Configuring radius accounting-on – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 46
32
NOTE:
•
For a type of users, the maximum number of transmission attempts multiplied by the RADIUS server
response timeout period must be less than the client connection timeout time and must not exceed 75
seconds. Otherwise, stop-accounting messages cannot be buffered, and the primary/secondary server
switchover cannot take place. For example, the product of the two parameters must be less than 10
seconds for voice users, and less than 30 seconds for Telnet users because the client connection timeout
period for voice users is 10 seconds and that for Telnet users is 30 seconds.
•
When configuring the maximum number of RADIUS packet transmission attempts and the RADIUS
server response timeout period, take the number of secondary servers into account. If the retransmission
process takes too much time, the client connection in the access module may be timed out while the
device is trying to find an available server.
•
When a number of secondary servers are configured, the client connections of access modules that
have a short client connection timeout period may still be timed out during initial authentication or
accounting, even if the packet transmission attempt limit and server response timeout period are
configured with small values. In this case, the next authentication or accounting attempt may succeed
because the device has set the state of the unreachable servers to blocked and the time for finding a
reachable server is shortened.
•
Set the server quiet timer properly. Too short a quiet timer may result in frequent authentication or
accounting failures because the device has to repeatedly attempt to communicate with an unreachable
server that is in active state.
•
For more information about the maximum number of RADIUS packet transmission attempts, see
"
Setting the maximum number of RADIUS request transmission attempts
."
Configuring RADIUS accounting-on
The accounting-on feature enables a device to send accounting-on packets to the RADIUS server after it
reboots, making the server log out users who logged in through the device before the reboot. Without this
feature, users who were online before the reboot cannot re-log in after the reboot, because the RADIUS
server considers they are already online.
If a device sends an accounting-on packet to the RADIUS server but receives no response, it resends the
packet to the server at a particular interval for a specified number of times.
To configure the accounting-on feature for a RADIUS scheme:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3.
Enable accounting-on and
configure parameters.
accounting-on enable [ interval
seconds | send send-times ] *
Disabled by default.
The default interval is 3 seconds
and the default number of
send-times is 5.
NOTE:
The accounting-on feature requires the cooperation of H3C IMC network management system.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000