Configuring radius accounting-on – H3C Technologies H3C SecPath F1000-E User Manual
Page 200
190
configured with small values. In this case, the next authentication or accounting attempt may
succeed because the firewall has set the state of the unreachable servers to blocked and the time for
finding a reachable server is shortened.
•
Set the server quiet timer properly. Too short a quiet timer may result in frequent authentication or
accounting failures because the firewall has to repeatedly attempt to communicate with an
unreachable server that is in active state.
•
For more information about the maximum number of RADIUS packet transmission attempts, see
"
Setting the maximum number of RADIUS request transmission attempts
To set timers for controlling communication with RADIUS servers:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme view.
radius scheme
radius-scheme-name
N/A
3.
Set the RADIUS server
response timeout timer.
timer response-timeout seconds
Optional.
The default RADIUS server
response timeout timer is 3
seconds.
4.
Set the quiet timer for the
servers.
timer quiet minutes
Optional.
The default quiet timer is 5 minutes.
5.
Set the real-time accounting
timer.
timer realtime-accounting minutes
Optional.
The default real-time accounting
timer is 12 minutes.
Configuring RADIUS accounting-on
The accounting-on feature enables a firewall to send accounting-on packets to the RADIUS server after it
reboots, making the server log out users who logged in through the firewall before the reboot. Without
this feature, users who were online before the reboot cannot re-log in after the reboot, because the
RADIUS server considers they are already online.
If a firewall sends an accounting-on packet to the RADIUS server but receives no response, it resends the
packet to the server at a particular interval for a specified number of times.
To configure the accounting-on feature for a RADIUS scheme:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter RADIUS scheme
view.
radius scheme
radius-scheme-name
N/A
3.
Enable accounting-on and
configure parameters.
accounting-on enable
[ interval seconds | send
send-times ] *
Disabled by default.
The default interval is 3 seconds and the
default number of send-times is 5.
NOTE:
The accounting-on feature requires the cooperation of the H3C CAMS or H3C IMC network management
system.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS