By setting the maximum number of real-time accounting attempts for a scheme, you make the switch
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
When the switch receives a connection teardown request from a host or a connection teardown
notification from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these guidelines when you specify RADIUS accounting servers:
The IP addresses of the primary and secondary accounting servers must be different from each other.
•
Otherwise, the configuration fails.
All servers for authentication/authorization and accountings, primary or secondary, must use IP
•
addresses of the same IP version.
If you delete an accounting server that is serving users, the switch can no longer send real-time
•
accounting requests and stop-accounting requests for the users to that server, or buffer the
stop-accounting requests.
You can specify a RADIUS accounting server as the primary accounting server for one scheme and
•
as the secondary accounting server for another scheme at the same time.
RADIUS does not support accounting for FTP users.
•
To specify RADIUS accounting servers and set relevant parameters for a scheme:
Step
Enter system view.
1.
2.
Enter RADIUS scheme view.
3.
Specify RADIUS accounting
servers.
4.
Set the maximum number of
real-time accounting
attempts.
5.
Enable buffering of
stop-accounting requests to
which no responses are
received.
6.
Set the maximum number of
stop-accounting attempts.
Command
system-view
radius scheme radius-scheme-name
•
Specify the primary RADIUS accounting
server:
primary accounting { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher
| simple ] key | vpn-instance
vpn-instance-name ] *
•
Specify a secondary RADIUS accounting
server:
secondary accounting { ip-address | ipv6
ipv6-address } [ port-number | key [ cipher
| simple ] key | vpn-instance
vpn-instance-name ] *
retry realtime-accounting retry-times
stop-accounting-buffer enable
retry stop-accounting retry-times
22
Remarks
N/A
N/A
Configure at least one
command.
No accounting server is
specified by default.
Optional.
The default setting is 5.
Optional.
Enabled by default.
Optional.
The default setting is
500.