HPE FlexFabric 7900 Series Security Configuration Manual page 30

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter RADIUS scheme view.
   Command: radius scheme radius-scheme-name
   Remarks: N/A

3. Set the format for usernames sent to the RADIUS servers.
   Command: user-name-format { keep-original | with-domain | without-domain }
   Remarks: By default, the ISP domain name is included in a username.

4. (Optional.) Set the data flow and packet measurement units for traffic statistics.
   Command: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }*
   Remarks: By default, traffic is counted in bytes and packets.

Setting the maximum number of RADIUS request transmission attempts

RADIUS uses UDP packets to transfer data. Because UDP communication is not reliable, RADIUS
uses a retransmission mechanism to improve reliability. A RADIUS request is retransmitted if the
NAS does not receive a server response for the request within the response timeout timer. For more
information about the RADIUS server response timeout timer, see "Setting RADIUS timers."

You can set the maximum number for the NAS to retransmit a RADIUS request to the same server.
When the maximum number is reached, the NAS tries to communicate with other RADIUS servers in
active state. If no other servers are in active state at the time, the NAS considers the authentication
or accounting attempt a failure.

To set the maximum number of RADIUS request transmission attempts:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter RADIUS scheme view.
   Command: radius scheme radius-scheme-name
   Remarks: N/A

3. Set the maximum number of RADIUS request transmission attempts.
   Command: retry retry-times
   Remarks: The default setting is 3.

Setting the status of RADIUS servers

To control the RADIUS servers with which the device communicates when the current servers are no
longer available, set the status of RADIUS servers to blocked or active. You can specify one primary
RADIUS server and multiple secondary RADIUS servers. The secondary servers act as the backup
of the primary server. The device chooses servers based on the following rules:

- When the primary server is in active state, the device communicates with the primary server.
- If the primary server fails, the device performs the following operations:
  - Changes the server status to blocked.
  - Starts a quiet timer for the server.
  - Tries to communicate with a secondary server in active state that has the highest priority.
- If the secondary server is unreachable, the device performs the following operations:
  - Changes the server status to blocked.
  - Starts a quiet timer for the server.
  - Tries to communicate with the next secondary server in active state that has the highest
    priority.
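
The retry limit and the server selection rules described in this section, modeled as an added Python example (not HPE's code and not part of the manual). The `priority` numbers, the `reachable` flag and the 3-second `response_timeout` are assumptions made for illustration, and quiet timer expiry is not modeled.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    priority: int            # assumption: lower number = tried first; primary is 0
    reachable: bool          # constructed test condition, not a device setting
    state: str = "active"    # "active" or "blocked", the two states the manual names
    quiet_timer: bool = False

def authenticate(servers, retry=3, response_timeout=3):
    """Send one request through the scheme.

    retry: maximum transmission attempts per server (manual default: 3).
    response_timeout: seconds per attempt; assumed value, not from the page.
    Returns (answering server or None, seconds spent waiting, servers tried).
    """
    waited, tried = 0, []
    while True:
        active = [s for s in servers if s.state == "active"]
        if not active:
            return None, waited, tried   # no active server left: attempt fails
        server = min(active, key=lambda s: s.priority)
        tried.append(server.name)
        if server.reachable:
            return server.name, waited, tried
        waited += retry * response_timeout   # every attempt timed out
        server.state = "blocked"
        server.quiet_timer = True            # expiry handling is not modeled

def sample_scheme():
    # Constructed scenario: primary and first secondary are down.
    return [Server("primary", 0, False),
            Server("secondary-1", 1, False),
            Server("secondary-2", 2, True)]

if __name__ == "__main__":
    scheme = sample_scheme()
    print(authenticate(scheme))   # first request pays for both failovers
    print(authenticate(scheme))   # blocked servers are skipped afterwards
```

Under these assumed values the first request waits 18 seconds before secondary-2 answers, which is the login delay to weigh when raising `retry`; when every server is blocked the attempt fails rather than being allowed through.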
