beautypg.com

Configuring radius accounting-on – H3C Technologies H3C SecBlade LB Cards User Manual

Page 74

background image

63

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme view.

radius scheme
radius-scheme-name

N/A

3.

Set the RADIUS server

response timeout timer.

timer response-timeout
seconds

Optional.
The default RADIUS server response timeout
timer is 3 seconds.

4.

Set the server quiet timer.

timer quiet minutes

Optional.
The default server quiet timer is 5 minutes.

5.

Set the real-time accounting
interval.

timer
realtime-accounting

minutes

Optional.
The default real-time accounting interval is 12

minutes.

Configuring RADIUS accounting-on

The accounting-on feature enables the device to send an accounting-on packet to the RADIUS server after

it reboots so the server can log out users who logged in through the device before the reboot. Without this

feature, users who were online before the reboot could not re-log in after the reboot, because the RADIUS

server would consider them already online.
If the device receives no response to the accounting-on packet, it re-sends the packet to the RADIUS server

at a particular interval for a specified number of times.
The accounting-on feature requires the cooperation of the H3C IMC network management system.
To configure the accounting-on feature for a RADIUS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter RADIUS scheme
view.

radius scheme
radius-scheme-name

N/A

3.

Enable accounting-on and
configure parameters.

accounting-on enable
[ interval seconds | send

send-times ] *

Disabled by default.
The default interval is 3 seconds, and the

default number of send-times is 5.

Configuring the IP address of the security policy server

The core of the H3C EAD solution is integration and cooperation. The security policy server is the
management and control center for EAD. Using a collection of software, the security policy server

provides functions such as user management, security policy management, security status assessment,

security cooperation control, and security event audit.
The NAS checks the validity of received control packets and accepts only control packets from known
servers. To use a security policy server that is independent of the AAA servers, you must configure the IP

address of the security policy server on the NAS. To implement all EAD functions, configure both the IP

address of the security policy server and the IP address of the IMC Platform on the NAS.
To configure the IP address of the security policy server for a scheme:

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: