beautypg.com

Configuring radius accounting-on – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 46

background image

32

NOTE:

For a type of users, the maximum number of transmission attempts multiplied by the RADIUS server
response timeout period must be less than the client connection timeout time and must not exceed 75
seconds. Otherwise, stop-accounting messages cannot be buffered, and the primary/secondary server

switchover cannot take place. For example, the product of the two parameters must be less than 10

seconds for voice users, and less than 30 seconds for Telnet users because the client connection timeout
period for voice users is 10 seconds and that for Telnet users is 30 seconds.

When configuring the maximum number of RADIUS packet transmission attempts and the RADIUS
server response timeout period, take the number of secondary servers into account. If the retransmission

process takes too much time, the client connection in the access module may be timed out while the
device is trying to find an available server.

When a number of secondary servers are configured, the client connections of access modules that
have a short client connection timeout period may still be timed out during initial authentication or

accounting, even if the packet transmission attempt limit and server response timeout period are
configured with small values. In this case, the next authentication or accounting attempt may succeed

because the device has set the state of the unreachable servers to blocked and the time for finding a

reachable server is shortened.

Set the server quiet timer properly. Too short a quiet timer may result in frequent authentication or
accounting failures because the device has to repeatedly attempt to communicate with an unreachable

server that is in active state.

For more information about the maximum number of RADIUS packet transmission attempts, see
"

Setting the maximum number of RADIUS request transmission attempts

."

Configuring RADIUS accounting-on

The accounting-on feature enables a device to send accounting-on packets to the RADIUS server after it

reboots, making the server log out users who logged in through the device before the reboot. Without this

feature, users who were online before the reboot cannot re-log in after the reboot, because the RADIUS
server considers they are already online.
If a device sends an accounting-on packet to the RADIUS server but receives no response, it resends the

packet to the server at a particular interval for a specified number of times.
To configure the accounting-on feature for a RADIUS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

3.

Enable accounting-on and

configure parameters.

accounting-on enable [ interval
seconds | send send-times ] *

Disabled by default.
The default interval is 3 seconds

and the default number of
send-times is 5.

NOTE:

The accounting-on feature requires the cooperation of H3C IMC network management system.