Configuring timers for radius servers – H3C Technologies H3C WX3000 Series Unified Switches User Manual

25-16

z

When acting as the local RADIUS authentication server, the device does not support EAP
authentication.

Configuring Timers for RADIUS Servers

After sending out a RADIUS request (authentication/authorization request or accounting request) to a
RADIUS server, the device waits for a response from the server. The maximum time that the device can
wait for the response is called the response timeout time of RADIUS servers, and the corresponding
timer in the device system is called the response timeout timer of RADIUS servers. If the device gets no
answer within the response timeout time, it needs to retransmit the request to ensure that the user can
obtain RADIUS service.

For the primary and secondary servers (authentication/authorization servers, or accounting servers) in
a RADIUS scheme:

When the device fails to communicate with the primary server due to some server trouble, the device
will turn to the secondary server and exchange messages with the secondary server.

After the primary server remains in the block state for a specific time (set by the timer quiet command),
the device will try to communicate with the primary server again when it has a RADIUS request. If it
finds that the primary server has recovered, the device immediately restores the communication with
the primary server instead of communicating with the secondary server, and at the same time restores
the status of the primary server to active while keeping the status of the secondary server unchanged.

To control the interval at which users are charged in real time, you can set the real-time accounting
interval. After the setting, the device periodically sends online users' accounting information to RADIUS
server at the set interval.

Follow these steps to set timers for RADIUS servers:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a RADIUS scheme and
enter its view

radius scheme

radius-scheme-name

Required
By default, a RADIUS scheme named
"system" has already been created in the
system.

Set the response timeout time of
RADIUS servers

timer response-timeout

seconds

Optional
By default, the response timeout time of
RADIUS servers is three seconds.

Set the time that the device waits
before it try to re-communicate with
primary server and restore the
status of the primary server to
active

timer quiet

minutes

Optional
By default, the device waits five minutes
before it restores the status of the primary
server to active.

Set the real-time accounting
interval

timer
realtime-accounting
minutes

Optional
By default, the real-time accounting
interval is 12 minutes.

Enabling Sending Trap Message when a RADIUS Server Goes Down

Follow these steps to specify to send trap message when a RADIUS server goes down: