Huawei Quidway S5600 Series Operation Manual page 563
Hide thumbs
Also See for Quidway S5600 Series:
- Specifications (9 pages) ,
- Installation manual (73 pages)
Table of Contents
Advertisement
Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S5600 Series Ethernet Switches-Release 1510
Note:
The function applies to the environment where the RADIUS authentication/accounting
server is CAMS.
In an environment with a CAMS server, if the switch reboots after an exclusive user (a
user whose concurrent online number is set to 1 on the CAMS) gets authenticated and
authorized and begins being charged, the switch will give a prompt that the user has
already been online when the user re-logs in to the network before CAMS performs
online user detection, and the user cannot get authenticated. In this case, the user can
access the network again only after the CAMS administrator manually removes the
online information of the user.
The user re-authentication upon device restart function is designed to resolve the
above problem. After this function is enabled, every time the switch restarts:
1)
The switch generates an Accounting-On packet, which mainly contains the
following information: NAS-ID, NAS-IP address (source IP address), and session
ID.
2)
The switch sends the Accounting-On packet to CAMS at regular intervals.
3)
Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the original online information of the
users who access the network through the switch before the restart according to
the information contained in this packet (NAS-ID, NAS-IP address and session ID),
and ends the accounting of the users based on the last accounting update packet.
4)
Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
5)
If the switch does not receives any response from the CAMS after the number of
the Accounting-On packets it has sent reaches the configured maximum number,
it does not send any more Accounting-On packets.
Note:
The switch can automatically generate the main attributes (NAS-ID, NAS-IP address
and session ID) in the Accounting-On packets. However, you can also manually
configure the NAS-IP address with the nas-ip command. If you choose to manually
configure the attribute, be sure to configure an appropriate and legal IP address. If this
attribute is not configured, the switch will automatically use the IP address of the VLAN
interface as the NAS-IP address.
Huawei Technologies Proprietary
1-33
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
- Quick Links:
- Chapter 3 Product Overview
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
