F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

When a number of secondary servers are configured, the client connections of access modules that
have a short client connection timeout period may still be timed out during initial authentication or
accounting, even if the packet transmission attempt limit and server response timeout period are
configured with small values. In this case, the next authentication or accounting attempt can
succeed because the device has set the status of the unreachable servers to blocked, which shortens
the time needed to find a reachable server.
Properly set the server quiet timer. Too short a quiet timer can result in frequent authentication or
accounting failures because the device has to repeatedly attempt to communicate with an
unreachable server that is in active state.
To set RADIUS timers:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter RADIUS scheme view. | radius scheme radius-scheme-name | N/A |
| 3. Set the RADIUS server response timeout timer. | timer response-timeout seconds | Optional. The default RADIUS server response timeout timer is 3 seconds. |
| 4. Set the server quiet timer. | timer quiet minutes | Optional. The default server quiet timer is 5 minutes. |
| 5. Set the real-time accounting interval. | timer realtime-accounting minutes | Optional. The default real-time accounting interval is 12 minutes. |
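The interaction between the response timeout, the blocked state and the quiet timer can be checked with a small model. This is an added example, not code from the HP guide or the device: it assumes a transmission attempt limit of 3, four servers of which only the last is reachable, a 20-second client connection timeout, and that the device finishes marking unreachable servers as blocked even after the client has timed out.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusScheme:
    reachable: list                 # per-server reachability, primary first (constructed)
    response_timeout: float = 3.0   # seconds; default stated in the table above
    quiet: float = 300.0            # seconds; default of 5 minutes stated in the table above
    retries: int = 3                # assumed transmission attempt limit
    blocked_until: dict = field(default_factory=dict)

    def attempt(self, now, client_timeout):
        """One authentication attempt at time `now`; returns (succeeded, seconds_spent)."""
        spent = 0.0
        for idx, up in enumerate(self.reachable):
            if self.blocked_until.get(idx, 0.0) > now + spent:
                continue                      # blocked server: skipped without waiting
            if up:
                # A reachable server was found; the client only benefits if it
                # has not already given up.
                return spent <= client_timeout, spent
            # Every transmission attempt to this server times out.
            spent += self.retries * self.response_timeout
            # The server stays blocked until the quiet timer expires.
            self.blocked_until[idx] = now + spent + self.quiet
        return False, spent                   # no reachable server in the scheme


def run(quiet, starts, client_timeout=20.0):
    """Replay attempts at the given start times; return a list of success flags."""
    scheme = RadiusScheme(reachable=[False, False, False, True], quiet=quiet)
    return [scheme.attempt(t, client_timeout)[0] for t in starts]


if __name__ == "__main__":
    starts = [0, 120, 240]                    # constructed attempt times, in seconds
    print("quiet 5 min:", run(300.0, starts))
    print("quiet 1 min:", run(60.0, starts))
```

With the 5-minute quiet timer only the first attempt fails; with a 1-minute quiet timer the unreachable servers return to active state between attempts and every attempt exceeds the client timeout.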
Configuring RADIUS accounting-on
The accounting-on feature enables the device to send an accounting-on packet to the RADIUS server after
it reboots, so the server can log out users who logged in through the device before the reboot. Without
this feature, users who were online before the reboot cannot log in again after the reboot, because the
RADIUS server considers them already online.
If the device receives no response to the accounting-on packet, it re-sends the packet to the RADIUS
server at a particular interval for a specified number of times.
The accounting-on feature requires the cooperation of the HP IMC network management system.
To configure the accounting-on feature for a RADIUS scheme:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter RADIUS scheme view. | radius scheme radius-scheme-name | N/A |
| 3. Enable accounting-on and configure parameters. | accounting-on enable [ interval seconds \| send send-times ] * | Disabled by default. The default interval is 3 seconds, and the default number of send-times is 5. |
Configuring the IP address of the security policy server
The core of the HP EAD solution is integration and cooperation. The security policy server is the
management and control center for EAD. Using a collection of software, the security policy server