Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
211212213214215216217218219220
204
No more stop-accounting requests of online users cannot be sent out or buffered, and the RADIUS
server can no longer receive logoff requests from online users. After a user goes offline, the RADIUS
server still has the user's record during a certain period of time.
The buffered accounting packets cannot be sent out and are deleted from the buffer when the
configured maximum number of attempts is reached, affecting the precision of user accounting.
If local authentication, authorization, or accounting is configured as the backup, the device
performs local authentication, authorization, or accounting instead after the RADIUS request fails.
Local accounting is only for monitoring and controlling the number of local user connections. It does
not provide the statistics function that the accounting feature generally provides.
Examples
# Enable the RADIUS client service.
<Sysname> system-view
[Sysname] radius client enable
radius nas-ip
Use radius nas-ip to specify a source address for outgoing RADIUS packets.
Use undo radius nas-ip to remove the configuration.
Syntax
radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
undo radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
The source IP address of an outgoing RADIUS packet is the IP address of the outbound interface.
Views
System view
Default command level
2: System level
Parameters
ipv4-address: IPv4 address in dotted decimal notation. It must be an address of the device and cannot
be 0.0.0.0, 255.255.255.255, a class D address, or a class E address.
ipv6 ipv6-address: Specifies an IPv6 address. It must be a unicast address of the device and cannot be
a link-local address.
The following matrix shows the ipv6 ipv6-address option and firewalls and UTM devices compatibility:
Hardware O
p
tion com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A Yes
U200-S No