H3C Technologies H3C SecPath F1000-E User Manual

10

Item

Description

Authentication Server Shared Key

Confirm Authentication Shared Key

Accounting Server Shared Key

Confirm Accounting Shared Key

Specify the shared key for the RADIUS authentication packets and that
for the RADIUS accounting packets.
The RADIUS client and RADIUS authentication/accounting server use

MD5 to encrypt RADIUS packets, and they verify the validity of packets
through the specified shared key. Only if the shared key of the client and

that of the server are the same, will the client and server receive and

respond to packets from each other.

IMPORTANT:

The shared keys specified on the device must be consistent with those
configured on the RADIUS servers.

NAS-IP

Specify the source IP address for the device to use in RADIUS packets to
be sent to the RADIUS server. It is recommended to use a loopback

interface address instead of a physical interface address as the source IP

address, because if the physical interface is down, the response packets
from the server cannot reach the device.

Timeout Interval

Set the RADIUS

server response
timeout

Timeout Retransmission Times

Set the maximum
number of

transmission
attempts

IMPORTANT:

The upper limit of the product of the timeout
value and the number of retransmission
attempts of an access module is the timeout
time of the access module and cannot exceed
75 seconds. For example, for voice access and
Telnet access, as the timeout time of voice
access is 10 seconds and that of Telnet access
is 30 seconds, the product cannot exceed 10
and 30 seconds (exclusive); otherwise, the stop
accounting packets cannot be buffered and the
primary and secondary servers cannot switch
over normally.

Realtime-Accounting Interval

Set the real-time accounting interval, whose value must be n times 3 (n is
an integer).
To implement real-time accounting on users, it is necessary to set the
real-time accounting interval. After this parameter is specified, the device

will send the accounting information of online users to the RADIUS server

every the specified interval.
The value of the real-time accounting interval is related to the requirement

on the performance of the NAS and RADIUS server. The smaller the
value, the higher the requirement. It is recommended to set a large value

if the number of users is equal to or larger than 1000.

Table 6

shows the

relationship between the interval value and the number of users.

Realtime-Accounting Packet
Retransmission Times

Set the maximum number of real-time accounting request retransmission
times.
When the number of non-responded real-time accounting requests sent

by the device to the RADIUS server exceeds this number, the device will
cut off the user connection.