HP FlexNetwork 10500 Series Security Configuration Manual page 45
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
•
Realtime accounting timer (realtime-accounting)—Defines the interval at which the device
sends realtime accounting packets to the RADIUS accounting server for online users.
When you set RADIUS timers, follow these guidelines:
•
When you configure the maximum number of RADIUS packet transmission attempts and the
RADIUS server response timeout timer, consider the number of secondary servers. If the
retransmission process takes too much time, the client connection in the access module (for
example, Telnet) might time out during the process.
•
For client connections with a short timeout period, the initial authentication or accounting might
fail, even if small packet transmission attempt limit and server response timeout period are
configured. However, the next authentication or accounting attempt can succeed, because the
device has set the unreachable servers to blocked, which shortens the amount of time for
finding a reachable server.
•
Make sure the server quiet timer is set correctly. A timer that is too short might result in frequent
authentication or accounting failures. This is because the device will continue to attempt to
communicate with an unreachable server that is in active state. A timer that is too long might
temporarily block a reachable server that has recovered from a failure. This is because the
server will remain in blocked state until the timer expires.
•
A short realtime accounting interval helps improve accounting precision but requires many
system resources. When there are 1000 or more users, set the interval to 15 minutes or longer.
To set RADIUS timers:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
3.
Set the RADIUS server
response timeout timer.
4.
Set the quiet timer for the
servers.
5.
Set the realtime accounting
timer.
Configuring the accounting-on feature
When the accounting-on feature is enabled, the device automatically sends an accounting-on packet
to the RADIUS server after a card reboot. Upon receiving the accounting-on packet, the RADIUS
server logs out all online users so they can log in again through the device. Without this feature,
users cannot log in again after the reboot, because the RADIUS server considers them to come
online.
You can configure the interval for which the device waits to resend the accounting-on packet and the
maximum number of retries.
The RADIUS server must run on IMC to correctly log out users when a card reboots on the device to
which the users connect.
To configure the accounting-on feature for a RADIUS scheme:
Step
1.
Enter system view.
2.
Enter RADIUS scheme view.
Command
system-view
radius scheme
radius-scheme-name
timer response-timeout
seconds
timer quiet minutes
timer realtime-accounting
interval
Command
system-view
radius scheme
radius-scheme-name
31
Remarks
N/A
N/A
The default setting is 3 seconds.
The default setting is 5 minutes.
The default setting is 12 minutes.
Remarks
N/A
N/A
Advertisement
Table of Contents
Troubleshooting
