HP 3600 v2 Series Configuration Manual page 37

When the switch receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these guidelines when you specify RADIUS accounting servers:
The IP addresses of the primary and secondary accounting servers must be different from each other.
•
Otherwise, the configuration fails.
All servers for authentication/authorization and accountings, primary or secondary, must use IP
•
addresses of the same IP version.
If you delete an accounting server that is serving users, the switch can no longer send real-time
•
accounting requests and stop-accounting requests for the users to that server, or buffer the
stop-accounting requests.
You can specify a RADIUS accounting server as the primary accounting server for one scheme and
•
as a secondary accounting server for another scheme at the same time.
• RADIUS does not support accounting for FTP users.
To specify RADIUS accounting servers and set relevant parameters for a scheme:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
3. Specify RADIUS accounting
servers.
4. Set the maximum number of
real-time accounting
attempts.
5. Enable buffering of
stop-accounting requests to
which no responses are
received.
6. Set the maximum number of
stop-accounting attempts.
Specifying the shared keys for secure RADIUS communication
The RADIUS client and RADIUS server use the MD5 algorithm to authenticate packets exchanged
between them and use shared keys for packet authentication and user passwords encryption. They must
use the same key for the same type of communication.
Command
system-view
radius scheme radius-scheme-name
•
Specify the primary RADIUS accounting
server:
primary accounting { ip-address | ipv6
ipv6-address } [ port-number | key
[ cipher | simple ] key | vpn-instance
vpn-instance-name ] *
•
Specify a secondary RADIUS
accounting server:
secondary accounting { ip-address |
ipv6 ipv6-address } [ port-number | key
[ cipher | simple ] key | vpn-instance
vpn-instance-name ] *
retry realtime-accounting retry-times
stop-accounting-buffer enable
retry stop-accounting retry-times
24
Remarks
N/A
N/A
Configure at least one
command.
No accounting server is
specified by default.
Optional.
The default setting is 5.
Optional.
Enabled by default.
Optional.
The default setting is 500.