H3C S5830V2 Security Configuration Manual page 39

Step
3. Specify a VPN for the RADIUS
scheme.
Setting the username format and traffic statistics units
A username is typically in the format userid@isp-name, where isp-name represents the user's ISP domain
name. By default, the ISP domain name is included in a username. However, some earlier RADIUS
servers do not recognize usernames that contain the ISP domain names. In this case, you can configure
the device to remove the domain name of each username to be sent.
For correct identification of users, do not configure the device to remove the ISP domain names from
usernames for the RADIUS scheme that is referenced by two or more ISP domains.
The device reports online user traffic statistics in accounting packets. The traffic measurement units are
configurable, but they must be the same as configured on the RADIUS accounting servers.
To set the username format and the traffic statistics units for a RADIUS scheme:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
3. Set the format for usernames
sent to the RADIUS servers.
4. (Optional.) Set the data flow
and packet measurement
units for traffic statistics.
Setting the maximum number of RADIUS request transmission attempts
RADIUS uses UDP packets to transfer data. Because UDP communication is not reliable, RADIUS uses a
retransmission mechanism to improve reliability. If a NAS sends a RADIUS request to a RADIUS server
but receives no response before the response timeout timer (defined by the timer response-timeout
command) expires, the NAS retransmits the request. If the number of transmission attempts exceeds the
specified limit but the NAS still does not receive a response, it tries to communicate with other RADIUS
servers in active state. If no other servers are in active state at the time, the NAS considers the
authentication or accounting attempt a failure. For more information about the RADIUS server response
timeout timer, see
To set the maximum number of RADIUS request transmission attempts:
Step
1. Enter system view.
2. Enter RADIUS scheme view.
3. Set the maximum number of RADIUS
request transmission attempts.
Command
vpn-instance vpn-instance-name
Command
system-view
radius scheme
radius-scheme-name
user-name-format { keep-original
| with-domain | without-domain }
data-flow-format { data { byte |
giga-byte | kilo-byte |
mega-byte } | packet
{ giga-packet | kilo-packet |
mega-packet | one-packet } }*
"Setting RADIUS timers."
Command
system-view
radius scheme
radius-scheme-name
retry retry-times
25
Remarks
By default, a RADIUS scheme
belongs to the public network.
Remarks
N/A
N/A
By default, the ISP domain name is
included in a username.
By default, traffic is counted in
bytes and packets.
The command does not apply to
802.1X and MAC users, for whom
the switch does not support traffic
accounting.
Remarks
N/A
N/A
The default setting is 3.