HP FlexNetwork NJ5000 User Manual page 312

Item
Username Format
Authentication Key
Confirm Authentication Key
Accounting Key
Confirm Accounting Key
Quiet Time
Server Response Timeout
Time
Request Transmission
Attempts
Description
•
Standard—Standard RADIUS servers. The RADIUS client and
RADIUS server communicate by using the standard RADIUS protocol
and packet format defined in RFC 2138/2139 or later.
•
Extended—Extended RADIUS servers, usually running on CAMS or
IMC. The RADIUS client and the RADIUS server communicate by
using the proprietary RADIUS protocol and packet format.
Select the format of usernames to be sent to the RADIUS server.
Typically, a username is in the format of userid@isp-name, of which
isp-name is used by the device to determine the ISP domain for the user. If
a RADIUS server (such as a RADIUS server of some early version) does
not accept a username that contains an ISP domain name, you can
configure the device to remove the domain name of a username before
sending it to the RADIUS server. The options include:
•
Original format—Configure the device to send the username of a
user on an "as is" basis.
•
With domain name—Configure the device to include the domain
name in a username.
•
Without domain name—Configure the device to remove any domain
name of a username.
Set the shared key for RADIUS authentication packets and that for
RADIUS accounting packets.
The RADIUS client and the RADIUS authentication/accounting server use
MD5 to encrypt RADIUS packets. They verify packets through the
specified shared key. The client and the server can receive and respond to
packets from each other only when they use the same shared key.
IMPORTANT:
•
The shared keys configured on the device must be consistent with
those configured on the RADIUS servers.
•
The shared keys configured in the common configuration part are
used only when no corresponding shared keys are configured in the
RADIUS server configuration part.
Set the time the device keeps an unreachable RADIUS server in blocked
state.
If you set the quiet time to 0, when the device needs to send an
authentication or accounting request but finds that the current server is
unreachable, it does not change the server's status that it maintains. It
simply sends the request to the next server in the active state. As a result,
when the device needs to send a request of the same type for another
user, it still tries to send the request to the server because the server is in
the active state.
You can use this parameter to control whether the device changes the
status of an unreachable server. For example, if you determine that the
primary server is unreachable because the device's port for connecting the
server is out of service temporarily or the server is busy, you can set the
time to 0 so that the device uses the primary server as much.
Set the RADIUS server response timeout time.
If the device sends a RADIUS request to a RADIUS server but receives no
response in the specified server response timeout time, it retransmits the
request. Setting a proper value according to the network conditions helps
in improving the system performance.
Set the maximum number of attempts for transmitting a RADIUS packet to
a single RADIUS server. If the device does not receive a response to its
request from the RADIUS server within the response timeout period, it
retransmits the RADIUS request. If the number of transmission attempts
exceeds the limit but the device still does not receive a response from the
300