HP 6600 Security Configuration Manual page 416
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Item
Request Transmission Attempts
Realtime Accounting Interval
Realtime Accounting Attempts
Unit for Data Flows
Unit for Packets
VPN
Security Policy Server
RADIUS Packet Source IP
RADIUS Packet Backup Source
IP
Buffer stop-accounting packets
Stop-Accounting Attempts
Description
Set the maximum number of attempts for transmitting a RADIUS packet to a
single RADIUS server. If the device does not receive a response to its request
from the RADIUS server within the response timeout period, it retransmits the
RADIUS request. If the number of transmission attempts exceeds the limit but
the device still does not receive a response from the RADIUS server, the
device considers the request a failure.
IMPORTANT:
The server response timeout time multiplied by the maximum number of
RADIUS packet transmission attempts must not exceed 75.
Set the interval for sending real-time accounting information to the RADIUS
accounting server. The interval must be a multiple of 3.
Different real-time accounting intervals impose different performance
requirements on the NAS and the RADIUS server. A shorter interval helps
achieve higher accounting precision but requires higher performance. Use a
longer interval when a large number of users (1000 or more) exist. For more
information about the recommended real-time accounting intervals, see
"Table
36."
Set the maximum number of attempts for sending a real-time accounting
request.
Specify the unit for data flows sent to the RADIUS server, which can be byte,
kilo-byte, mega-byte, or giga-byte.
Specify the unit for data packets sent to the RADIUS server, which can be
one-packet, kilo-packet, mega-packet, or giga-packet.
Specify the VPN to which the RADIUS scheme belongs.
This setting is effective on all RADIUS authentication servers and accounting
servers configured in the RADIUS scheme, but the VPN individually specified
for a RADIUS authentication or accounting server takes priority.
Specify the IP address of the security policy server.
Specify the source IP address for the device to use in RADIUS packets sent to
the RADIUS server.
HP recommends using a loopback interface address instead of a physical
interface address as the source IP address. If the physical interface is down,
the response packets from the server cannot reach the device.
Specify the backup source IP address for the device to use in RADIUS packets
sent to the RADIUS server.
In a stateful failover environment, the backup source IP address must be the
source IP address for the remote device to use in RADIUS packets sent to the
RADIUS server, so that the backup server can receive the RADIUS packets
sent from the RADIUS server when the master device fails.
Enable or disable buffering of stop-accounting requests for which no
responses are received, and set the maximum number of attempts for
sending stop-accounting requests.
402
Advertisement
Table of Contents
Troubleshooting
