beautypg.com

Setting the supported radius server type, Setting the status of radius servers – H3C Technologies H3C SecBlade LB Cards User Manual

Page 70

background image

59

Setting the supported RADIUS server type

The supported RADIUS server type determines the type of the RADIUS protocol that the device uses to

communicate with the RADIUS server. It can be standard or extended:

Standard—Uses the standard RADIUS protocol, compliant to RFC 2865 and RFC 2866 or later.

Extended—Uses the proprietary RADIUS protocol of H3C.

When the RADIUS server runs on IMC, you must set the RADIUS server type to extended. When the

RADIUS server runs third-party RADIUS server software, either RADIUS server type applies.
To set the RADIUS server type:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme radius-scheme-name N/A

3.

Set the RADIUS server type.

server-type { extended | standard }

Optional.
The default RADIUS server type
is standard.

NOTE:

Changing the RADIUS server type will restore the unit for data flows and that for packets that are sent to
the RADIUS server to the defaults.

Setting the maximum number of RADIUS request transmission attempts

RADIUS uses UDP packets to transfer data. UDP communication is not reliable. To improve reliability,

RADIUS uses a retransmission mechanism. If a NAS sends a RADIUS request to a RADIUS server but

receives no response before the response timeout timer (defined by the timer response-timeout command)
expires, it retransmits the request. If the number of transmission attempts exceeds the specified limit but

it still receives no response, it tries to communicate with other RADIUS servers in active state. If no other

servers are in active state at the time, it considers the authentication or accounting attempt a failure. For

more information about RADIUS server states, see "

Setting the status of RADIUS servers

."

The maximum number of transmission attempts of RADIUS packets multiplied by the RADIUS server

response timeout period cannot be greater than 75 seconds. For more information about the RADIUS

server response timeout timer, see "

Setting RADIUS timers

."

To set the maximum number of RADIUS request transmission attempts for a scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme radius-scheme-name N/A

3.

Set the maximum number of
RADIUS request transmission

attempts.

retry retry-times

Optional.
The default setting is 3.

Setting the status of RADIUS servers

By setting the status of RADIUS servers to blocked or active, you can control the AAA servers with which

the device communicates when the current servers are no longer available. In practice, you can specify
one primary RADIUS server and multiple secondary RADIUS servers, with the secondary servers

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: