H3C Technologies H3C Intelligent Management Center User Manual
Page 594
576
3.
Click the Configure icon for a system setting entry.
4.
Configure AAA parameters:
{
Aging Interval (Minutes)—Set the time interval at which UAM checks the status of each online
user. If the time since the Accounting-Request packet or the last Accounting-Update packet of a
user was received exceeds the aging interval, UAM considers that the user is offline and deletes
the user from the online user list. HP recommends you to set the value to at least three times the
sending interval of Accounting-Update packets. The sending interval of Accounting-Update
packets is configured on the access devices.
{
Authentication Lock Time (Seconds)—Set the time span between the end of authorization and
the start of accounting. User reauthentication is prohibited in the time span. Use the default
value of 5 seconds.
{
Estimated Access Period (Days)—Set the estimated access period for access period policies.
UAM computes at every 00:00 the permitted access period in the estimated access period for
each access period policy, and stores the result in a temporary table. Then UAM checks the
service used by each authenticating access user for the access period policy, and search the
table to determine whether or not the user can access in the network in the current period. A
large value can affect system performance. HP recommends you to use the default value of 3
days.
{
Max. Session Duration (Seconds)—Configure how long access users can stay online. The value
is delivered to users in Access-Accept packets or Accounting-Update packets. HP recommends
you to set the value to at least three times the sending interval of Accounting-Update packets. The
sending interval of Accounting-Update packets is configured on the access devices.
{
Traffic Unit (Bytes)—Configure the unit to use for measuring user traffic. The parameter must be
the same as what is configured on the access devices.
{
Unit of Remaining Traffic (Bytes)—Configure the unit to use for measuring the remaining user
traffic.
{
Client Protection against Cracks—Select Enable or Disable from the list to enable or disable the
function. For more information about the client anti-crack function, see "
{
Max. Authentication Attempts (Times)—Set the maximum number of consecutive authentication
attempts permitted for an access user with incorrect passwords. If the maximum authentication
attempts are exceeded, UAM adds the user to the blacklist to block the user from the computer
where the login attempts are performed. The user is released from the blacklist at 00:00 the next
day. If you do not want to restrict the authentication attempts, set the parameter to 0.
{
Stateless failover—Configure the stateless failover function. Options are Disable, Active, and
Standby. To disable the stateless failover function, select Disable. To enable the stateless failover
function and configure the current UAM server as the active server, select Active. To enable the
stateless failover function and configure the current UAM server as the standby server, select
Standby. The stateless failover function allows the standby UAM server to take over as the active
server and complete user authentication in case the active UAM server fails.
{
NAS Port for Control—Set the port number that UAM uses to send control packets to the access
devices. This parameter must be the same as what is configured on the access devices. Only HP
Comware and H3C devices support the parameter.
{
Control User Authentication—Select Enable or Disable from the list to enable or disable the
function. With the function enabled, UAM discards the authentication packets of the user with
consecutive authentication failures in a short period of time.