H3C Technologies H3C Intelligent Management Center User Manual

578

{

Database Error Handling—This parameter provides two options, Sends a Reject Message and

Discards the Request. If you select Sends a Reject Message, access device does not send the
same authentication requests to UAM. If you select Discards the Request, the access device will

send authentication requests to UAM again. The discard action applies to the scenario where

endpoint users roam among multiple APs.

{

Send Session Timeout Attribute—Configure how the session timeout attribute is sent. Options
are In Both, In Access-Accept Packets, In Update-Accounting-Response Packets, and In None.
The In Both option enables UAM to send the session timeout attribute in Access-Accept packets

and Update-Accounting-Response packets. The In Access-Accept Packets option enables UAM

to send the session timeout attribute in Access-Accept packets only. The In

Update-Accounting-Response Packets option enables UAM to send the session timeout attribute

in Update-Accounting-Response packets only. The In None option disables UAM from sending
the session timeout attribute. Select In Both for the parameter unless in special scenarios.

5.

Configure user data management parameters:

{

Syslog Server IP—Specify the IP address of the syslog server. You can configure UAM to
encapsulate authentication failure logs within syslogs and send them to the syslog server. You

can also configure EAD to encapsulate security logs within syslogs and sent them to the syslog

server.

{

Send Auth Failure Syslogs—Configure UAM to send new authentication failure logs as syslogs
to the server. If you select Yes, UAM checks the user authentication failure logs generated in the
last hour, encapsulates the content of each log as a syslog, and sends the syslogs to the syslog

server. If you select No, UAM does not send authentication failure logs as syslogs.

{

UAM Service Group—Configure the service group function. To permit administrators to define
service groups, select Enable. To prohibit administrators from defining service groups, select

Disable. You can change the service groups function from Enable to Disable only when no

user-defined service group exists in UAM.

{

Access Details Lifetime—Specify how long UAM keeps the user access details. When the time
expires, the access details are automatically deleted. Use the default value of 30 days.

{

Cancelled User Lifetime—Specify how long UAM keeps the account information of an access
user in database after the user is cancelled. This parameter also specifies how long UAM keeps

user access details in the UAM console. When the time expires, UAM permanently deletes the

account information and user access details of the access user from the UAM console and

database.

{

Log Lifetime—Specify how long UAM keeps the user authentication failure logs, self-service
center operation logs, and device management user logs in the database. UAM automatically

deletes the logs that exceeds the log lifetime at 00:00 every day.

{

Enable IPv6—Select Yes or No from the list to enable or disable IPv6. If you select Yes, UAM
checks the IPv6 addresses bound to users, records the IPv6 addresses in the access user list,

online user list, roaming online user list, blacklisted users, authentication failure logs, access

details, and roaming access details, and offers the IPv6 address as a query criteria. If you select
No, UAM does not provide the previous functions. This parameter is ineffective to batch

operations, and you cannot bulk export, import, and modify IPv6 addresses.

{

Send an alarm when the access user authentication queue is full—Select Yes or No from the list
to configure the trap function for full access user authentication queue. If you select Yes, UAM

checks whether a user authentication failure log is generated due to full authentication queue in
the last minute. If a new log is found, UAM sends a trap to the alarm server. If you select No,

UAM does not check for latest user authentication failure logs or send traps.

{

Alarm Server IP—Specify the IP address of the server to receive the trap.