Specifying A Security Policy Server - H3C S5500-SI Series Operation Manual

Primary server quiet timer (timer quiet): If the primary server is not reachable, its state changes to
blocked, and the device will turn to the specified secondary server. If the secondary server is
reachable, the device starts this timer and communicates with the secondary server. After this
timer expires, the device turns the state of the primary server to active and tries to communicate
with the primary server while keeping the state of the secondary server unchanged. If the primary
server has come back into operation, the device interacts with the primary server and terminates its
communication with the secondary server.
Real-time accounting interval (realtime-accounting): This timer defines the interval for performing
real-time accounting of users. After this timer is set, the switch will send accounting information of
online users to the RADIUS server at the specified interval.
Follow these steps to set timers regarding RADIUS servers:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a RADIUS scheme and enter RADIUS scheme view | radius scheme radius-scheme-name | Required. Not defined by default |
| Set the RADIUS server response timeout timer | timer response-timeout seconds | Optional. 3 seconds by default |
| Set the quiet timer for the primary server | timer quiet minutes | Optional. 5 minutes by default |
| Set the real-time accounting interval | timer realtime-accounting minutes | Optional. 12 minutes by default |

The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75. This product is also the upper limit of the timeout time of different access modules.

For an access module, the maximum number of retransmission attempts multiplied by the RADIUS server response timeout period must be smaller than the timeout time. Otherwise, stop-accounting messages cannot be buffered, and the primary/secondary server switchover cannot take place. For example, as the timeout time of voice access is 10 seconds, the product of the two parameters cannot exceed 10 seconds; as the timeout time of Telnet access is 30 seconds, the product of the two parameters cannot exceed 30 seconds. For detailed information about timeout time of a specific access module, refer to the corresponding part in the Access Volume.

To configure the maximum number of retransmission attempts of RADIUS packets, refer to the command retry in the command manual.

Specifying a Security Policy Server

The core of the EAD solution is integration and cooperation, and the security policy server system is the management and control center. As a collection of software, the security policy server system can run on Windows and Linux to provide functions such as user management, security policy management, security status assessment, security cooperation control, and security event audit.
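The retransmission limits given in the RADIUS timer notes earlier on this page can be checked mechanically before a scheme is deployed. The following audit script is an added example, not part of the H3C manual. It assumes the scheme configuration is available as text, uses a constructed sample scheme named rad1, and takes the default for retry from the caller because this page does not state it.

```python
import re

# Limits stated on this page: overall cap, and per-access-module timeouts (seconds).
GLOBAL_CAP = 75
ACCESS_TIMEOUTS = {"voice": 10, "telnet": 30}
DEFAULT_RESPONSE_TIMEOUT = 3  # "3 seconds by default" per the timer table


def parse_scheme(config_text):
    """Extract 'timer response-timeout' and 'retry' from one RADIUS scheme view."""
    values = {}
    for line in config_text.splitlines():
        m = re.fullmatch(r"\s*(timer response-timeout|retry)\s+(\d+)\s*", line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def audit_scheme(config_text, default_retry):
    """Return a list of findings; an empty list means every limit is met.

    default_retry is supplied by the caller (assumption: the page does not
    give the default of the retry command).
    """
    values = parse_scheme(config_text)
    timeout = values.get("timer response-timeout", DEFAULT_RESPONSE_TIMEOUT)
    retry = values.get("retry", default_retry)
    product = retry * timeout
    findings = []
    if product > GLOBAL_CAP:
        findings.append(f"retry*timeout={product} exceeds global cap {GLOBAL_CAP}")
    for module, limit in ACCESS_TIMEOUTS.items():
        # The rule says "smaller than"; the page's example says "cannot exceed".
        # Equality is flagged here as the conservative reading.
        if product >= limit:
            findings.append(f"{module}: retry*timeout={product} not below {limit}s")
    return findings


# Constructed sample scheme (scheme name and values are made up for illustration).
SAMPLE = """
radius scheme rad1
 timer response-timeout 5
 retry 3
 timer quiet 5
 timer realtime-accounting 12
"""

if __name__ == "__main__":
    for finding in audit_scheme(SAMPLE, default_retry=3):
        print(finding)
```

A finding for an access module means stop-accounting buffering and primary/secondary switchover may not work for users of that module, so either the retry count or the response timeout should be lowered.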
