H3C Technologies H3C WA3600 Series Access Points User Manual

218

•

If you remove the accounting server used for online users, the device cannot send real-time

accounting requests and stop-accounting messages for the users to the server, and the
stop-accounting messages are not buffered locally.

•

The status of RADIUS servers (blocked or active) determines which servers the device will
communicate with or turn to when the current servers are not available. In practice, you can specify

one primary RADIUS server and multiple secondary RADIUS servers, with the secondary servers

that function as the backup of the primary servers. Generally, the device chooses servers based on
these rules:

When the primary server is in active state, the device communicates with the primary server. If
the primary server fails, the device changes the state of the primary server to blocked, starts a

quiet timer for the server, and turns to a secondary server in active state (a secondary server

configured earlier has a higher priority). If the secondary server is unreachable, the device

changes the state of the secondary server to blocked, starts a quiet timer for the server, and
continues to check the next secondary server in active state. This search process continues until

the device finds an available secondary server or has checked all secondary servers in active

state. If the quiet timer of a server expires or an authentication or accounting response is

received from the server, the status of the server changes back to active automatically, but the
device does not check the server again during the authentication or accounting process. If no

server is found reachable during one search process, the device considers the authentication or

accounting attempt a failure.

Once the accounting process of a user starts, the device keeps sending the user's real-time
accounting requests and stop-accounting requests to the same accounting server. If you remove

the accounting server, real-time accounting requests and stop-accounting requests for the user
cannot be delivered to the server any more.

If you remove an authentication or accounting server in use, the communication of the device
with the server will soon time out, and the device will look for a server in active state from scratch:

it checks the primary server (if any) first and then the secondary servers in the order they are

configured.

When the primary server and secondary servers are all in blocked state, the device

communicates with the primary server. If the primary server is available, its statues changes to
active. Otherwise, its status remains to be blocked.

If one server is in active state but all the others are in blocked state, the device only tries to
communicate with the server in active state, even if the server is unavailable.

After receiving an authentication/accounting response from a server, the device changes the
status of the server identified by the source IP address of the response to active if the current

status of the server is blocked.

•

It is a good practice to use the recommended real-time accounting intervals listed in

Table 84

.

Table 84 Recommended real-time accounting intervals

Number of users

Real-time accounting interval (in minutes)

1 to 99

3

100 to 499

6

500 to 999

12

≥1000

≥15