H3C Technologies H3C MSR 50 User Manual

Item Description

Username Format

Select the format of usernames to be sent to the RADIUS server: Original format, With domain name, or Without domain name.

Typically, a username is in the format of userid@isp-name, of which isp-name is used by the device to determine the ISP domain for the user. If a RADIUS server (such as a RADIUS server of some early version) does not accept a username that contains an ISP domain name, you can configure the device to remove the domain name of a username before sending it to the RADIUS server.

Authentication Key
Confirm Authentication Key
Accounting Key
Confirm Accounting Key

Set the shared key for authenticating RADIUS authentication packets and the shared key for authenticating RADIUS accounting packets.

The RADIUS client and the RADIUS server use MD5 to encrypt RADIUS packets. They verify packets through the specified shared key. The client and the server can receive and respond to packets from each other only when they use the same shared key.

IMPORTANT:
The shared keys configured in the common configuration part are used only when no corresponding shared keys are configured in the RADIUS server configuration part.

Quiet Time

Set the time to wait before the device restores an unreachable RADIUS server to the active state.

If the primary server is unreachable because of a temporary interruption on the network interface or because the server is busy, you can set the quiet time to 0 so that authentication and accounting requests for other users are still sent to the primary server for processing. When the quiet time is 0, if the server being used is unreachable, the device keeps the server in the active state and sends the request to the next server in the active state. In this way, subsequent authentication or accounting requests may still be sent to the server.

Server Response Timeout Time

Set the RADIUS server response timeout time.

If the device sends a RADIUS request to a RADIUS server but receives no response within the specified server response timeout time, it retransmits the request. Setting a proper value according to the network conditions helps improve system performance.

Request Transmission Attempts

Set the maximum number of attempts for transmitting a RADIUS packet to a single RADIUS server. If the device does not receive a response to its request from the RADIUS server within the response timeout period, it retransmits the RADIUS request. If the number of transmission attempts exceeds the limit but the device still does not receive a response from the RADIUS server, the device considers the request a failure.

IMPORTANT:
The server response timeout time multiplied by the maximum number of RADIUS packet transmission attempts must not exceed 75.

Realtime Accounting Interval

Set the interval for sending real-time accounting information to the RADIUS accounting server. The interval must be a multiple of 3.

Different real-time accounting intervals impose different performance requirements on the NAS and the RADIUS server. A shorter interval helps achieve higher accounting precision but requires higher performance. Use a longer interval when a large number of users (1000 or more) exist. For more information about the recommended real-time accounting intervals, see "Configuration guidelines."
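The role of the shared key described under Authentication Key, shown as an added example that is not part of the H3C manual: following RFC 2865, the key feeds an MD5 keystream that hides the User-Password attribute, and an MD5 Response Authenticator that lets the client check a reply. Function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, key: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding, RFC 2865 section 5.2: XOR with an MD5 keystream."""
    size = max(16, (len(password) + 15) // 16 * 16)  # pad to 16-byte blocks
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(key + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, key: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse hide_password with the server's copy of the key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(key + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_response(code: int, ident: int, request_auth: bytes,
                   attrs: bytes, key: bytes) -> bytes:
    """Server reply with Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + key)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + key).digest()
    return header + auth + attrs

def verify_response(packet: bytes, request_auth: bytes, key: bytes) -> bool:
    """Client side: recompute the authenticator; a mismatch means drop."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + key).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed; random per request in practice
    device_key, server_key = b"constructed-key", b"constructed-key"
    hidden = hide_password(b"constructed-password", device_key, req_auth)
    print(unhide_password(hidden, server_key, req_auth))
    reply = build_response(ACCESS_ACCEPT, 1, req_auth, b"", server_key)
    print(verify_response(reply, req_auth, device_key))        # same key
    print(verify_response(reply, req_auth, b"different-key"))  # mismatched key
```

With mismatched keys the reply fails verification and the recovered password is garbage, which is why the device and server only interoperate when both sides hold the same key.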