H3C Technologies H3C WX3000E Series Wireless Switches User Manual

567

Item Description

RADIUS Packet Source IP

Specify the source IP address for the device to use in RADIUS packets sent
to the RADIUS server.
The source IP address of RADIUS packets that a NAS sends must match the
IP address of the NAS configured on the RADIUS server. A RADIUS server

identifies a NAS by its IP address. Upon receiving a RADIUS packet, a

RADIUS server checks whether the source IP address of the packet is the IP
address of a managed NAS. If it is, the server processes the packet. If it is

not, the server drops the packet.
The source address of outgoing RADIUS packets is typically the IP address

of an egress interface on the NAS to communicate with the RADIUS server.

However, in some situations, you must change the source IP address. For
example, if the NAS is configured with VRRP for stateful failover, the

source IP address of outgoing RADIUS packets can be the virtual IP

address of the uplink VRRP group.

IMPORTANT:

•

If you do not specify this parameter, the IP address of the outbound

interface is used.

•

Make sure this source address has the same IP version of the RADIUS

server address that is specified in the scheme. Otherwise, the

configuration does not take effect.

RADIUS Packet Backup
Source IP

Specify the backup source IP address for the device to use in RADIUS
packets sent to the RADIUS server.
In a stateful failover environment, the backup source IP address must be the
source IP address for the remote device to use in RADIUS packets sent to

the RADIUS server.
Configuring the backup source IP address in a stateful failover

environment makes sure that the backup server can receive the RADIUS
packets sent from the RADIUS server when the master device fails.

Buffer stop-accounting
packets

Enable or disable buffering of stop-accounting requests for which no
responses are received.

Stop-Accounting Attempts

Set the maximum number of stop-accounting attempts.
The NAS disconnects from a user according to the maximum number of
stop-accounting attempts and specific parameters. For example, the

RADIUS server response timeout period is 3 seconds, the maximum

number of transmission attempts is five, and the maximum number of
stop-accounting attempts is 20. For each stop-accounting request, if the

device receives no response within 3 seconds, it retransmits the request. If

it receives no responses after retransmitting the request five times, it

considers the stop-accounting attempt a failure, buffers the request, and
makes another stop-accounting attempt. If 20 consecutive attempts fail, the

device discards the request.

Send accounting-on packets

Enable or disable the accounting-on feature.
The accounting-on feature enables a device to send accounting-on packets
to RADIUS servers after it reboots, making the servers forcedly log out

users who logged in through the device before the reboot.

IMPORTANT:

When enabling the accounting-on feature on a device for the first time, you

must save the configuration so that the feature takes effect after the device

reboots.