H3C Technologies H3C SecPath F1000-E User Manual

174

Item Description

RADIUS Packet Source IP

Specify the source IP address for the firewall to use in RADIUS packets sent to the
RADIUS server.

IMPORTANT:

•

Specifying this source IP address can make sure the response packets from
the server can reach the firewall if the physical interface is down. H3C

recommends you to use a loopback interface address.

•

This source IP address and the RADIUS server IP address specified in the

RADIUS scheme must be of the same version. Otherwise, the configuration

cannot take effect.

RADIUS Packet Backup
Source IP

Specify the backup source IP address for the firewall to use in RADIUS packets
sent to the RADIUS server.
In a stateful failover environment, the backup source IP address must be the

source IP address for the remote firewall to use in RADIUS packets sent to the
RADIUS server.
Configuring the backup source IP address in a stateful failover environment
makes sure that the backup server can receive the RADIUS packets sent from the

RADIUS server when the master firewall fails.

Buffer stop-accounting
packets

Enable or disable buffering of stop-accounting requests for which no responses
are received.

Stop-Accounting Attempts

Set the maximum number of stop-accounting attempts.
The maximum number of stop-accounting attempts, together with some other
parameters, controls how the NAS deals with stop-accounting request packets.
Suppose that the RADIUS server response timeout period is three seconds, the

maximum number of transmission attempts is five, and the maximum number of
stop-accounting attempts is 20. For each stop-accounting request, if the firewall

receives no response within three seconds, it retransmits the request. If it receives

no responses after retransmitting the request five times, it considers the
stop-accounting attempt a failure, buffers the request, and makes another

stop-accounting attempt. If 20 consecutive attempts fail, the firewall discards the

request.

Send accounting-on packets

Enable or disable the accounting-on feature.
The accounting-on feature enables the firewall to send accounting-on packets to

RADIUS servers after it reboots, making the servers forcedly log out users who
logged in through the firewall before the reboot.

IMPORTANT:

When enabling the accounting-on feature on the firewall for the first time, you must

save the configuration so that the feature takes effect after the firewall reboots.

Accounting-On Interval

Set the interval for sending accounting-on packets. This field is configurable only
when the Send accounting-on packets option is selected.

Accounting-On Attempts

Set the maximum number of accounting-on packets transmission attempts. This
field is configurable only when the Send accounting-on packets option is
selected.

Attribute
Interpretation

Enable or disable the firewall to interpret the RADIUS class attribute as CAR
parameters.

6.

In the RADIUS Server Configuration area, click Add to enter the RADIUS server configuration page.