HPE Moonshot 45Gc Security Configuration Manual page 40

Switch module

Remarks (continued): system scheme, the ISP domain name is removed. For more information about the startup configuration, see Fundamentals Configuration Guide.

Step 4. (Optional.) Set the data flow and packet measurement units for traffic statistics.
    Command: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }*
    Remarks: By default, traffic is counted in bytes and packets.

Setting the maximum number of RADIUS request transmission attempts

RADIUS uses UDP packets to transfer data. Because UDP communication is not reliable, RADIUS uses a retransmission mechanism to improve reliability. A RADIUS request is retransmitted if the NAS does not receive a server response for the request within the response timeout timer. For more information about the RADIUS server response timeout timer, see "Setting RADIUS timers."

You can set the maximum number for the NAS to retransmit a RADIUS request to the same server. When the maximum number is reached, the NAS tries to communicate with other RADIUS servers in active state. If no other servers are in active state at the time, the NAS considers the authentication or accounting attempt a failure.

To set the maximum number of RADIUS request transmission attempts:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter RADIUS scheme view.
    Command: radius scheme radius-scheme-name
    Remarks: N/A

Step 3. Set the maximum number of RADIUS request transmission attempts.
    Command: retry retry-times
    Remarks: The default setting is 3.

Setting the status of RADIUS servers

To control the RADIUS servers with which the device communicates when the current servers are no longer available, set the status of RADIUS servers to blocked or active. You can specify one primary RADIUS server and multiple secondary RADIUS servers. The secondary servers act as the backup of the primary server. When the RADIUS server load sharing feature is disabled, the device chooses servers based on the following rules:

- When the primary server is in active state, the device communicates with the primary server.
- If the primary server fails, the device performs the following operations:
    - Changes the server status to blocked.
    - Starts a quiet timer for the server.
    - Tries to communicate with a secondary server in active state that has the highest priority.
- If the secondary server is unreachable, the device performs the following operations:
    - Changes the server status to blocked.
    - Starts a quiet timer for the server.
    - Tries to communicate with the next secondary server in active state that has the highest priority.

The search process continues until the device finds an available secondary server or has checked all secondary servers in active state. If no server is available, the device considers the authentication or accounting attempt a failure.
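The retry limit and the server-selection rules above (load sharing disabled), modelled in Python as an added example; it is not HPE code or device output. The Server class, its drops field (transmissions lost before a reply arrives) and the list-order priority of the secondaries are assumptions made for the illustration, and quiet-timer expiry is not modelled.

```python
from dataclasses import dataclass

ACTIVE, BLOCKED = "active", "blocked"

@dataclass
class Server:
    name: str
    drops: int                  # constructed input: transmissions lost before a reply
    status: str = ACTIVE
    quiet_timer_running: bool = False

def authenticate(primary, secondaries, retry=3):
    """Send one RADIUS request; return (name of answering server or None, log).

    `retry` is the maximum number of transmission attempts per server
    (the manual's default is 3). `secondaries` is assumed to be ordered
    from highest to lowest priority.
    """
    log = []
    for server in [primary, *secondaries]:
        if server.status != ACTIVE:
            continue                       # blocked servers are not tried
        for attempt in range(1, retry + 1):
            log.append((server.name, attempt))
            if attempt > server.drops:     # a reply arrived before the timeout
                return server.name, log
        # No reply after `retry` transmissions: block it, start its quiet timer.
        server.status = BLOCKED
        server.quiet_timer_running = True
    return None, log                       # no active server answered: failure

if __name__ == "__main__":
    primary = Server("primary", drops=99)  # constructed: server is down
    backups = [Server("sec1", drops=1), Server("sec2", drops=0)]
    for n in (1, 2):
        winner, log = authenticate(primary, backups)
        print(f"request {n}: answered by {winner} after {len(log)} transmissions")
        print("  ", log)
    print({s.name: s.status for s in [primary, *backups]})
```

With retry set to 1 in this model, a single lost packet is enough to block a healthy secondary, which is the trade-off to weigh when lowering the value from its default.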
