beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 68

background image

57

If you delete an accounting server that is serving users, the device no longer sends real-time accounting

requests or stop-accounting requests for the users to that server, or buffers the stop-accounting requests.
RADIUS does not support accounting for FTP users.
To specify RADIUS accounting servers and set relevant parameters for a scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

3.

Specify RADIUS accounting
servers.

Specify the primary RADIUS

accounting server:
primary accounting

{ ip-address | ipv6

ipv6-address } [ port-number |

key [ cipher | simple ] key |
vpn-instance

vpn-instance-name ] *

Specify a secondary RADIUS

accounting server:

secondary accounting

{ ip-address | ipv6
ipv6-address } [ port-number |

key [ cipher | simple ] key |

vpn-instance

vpn-instance-name ] *

Configure at least one command.
No accounting server is specified
by default.
The IP addresses of the primary

and secondary accounting servers
must be different from each other.

Otherwise, the configuration fails.
All servers for

authentication/authorization and
accounting, primary or secondary,

must use IP addresses of the same

IP version.

4.

Set the maximum number of
real-time accounting attempts.

retry realtime-accounting
retry-times

Optional.
The default setting is 5.

5.

Enable buffering of
stop-accounting requests to

which no responses are

received.

stop-accounting-buffer enable

Optional.
Enabled by default.

6.

Set the maximum number of
stop-accounting attempts.

retry stop-accounting retry-times

Optional.
The default setting is 500.

Specifying the shared keys for secure RADIUS communication

The RADIUS client and RADIUS server use the MD5 algorithm and a shared key pair for packet

authentication and password encryption in a certain type of communication.
A shared key configured in RADIUS scheme view applies to all servers of the specified type (accounting

or authentication) in that scheme, and has a lower priority than those configured for individual RADIUS

servers.
To specify a shared key for secure RADIUS communication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: