F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

251

252

253

254

255

256

257

258

259

260

246

Item Descri

tion

Quiet Time

Set the time the device keeps an unreachable RADIUS server in the blocked

state.

The device does not change the status of an unreachable RADIUS

authentication or accounting server if the server quiet timer is 0. Instead, the

device keeps the server status as active and sends authentication or

accounting packets to another server in active state, so subsequent

authentication or accounting packets can still be sent to that server.

To use the primary server as much, you can set this parameter to 0 if the

primary server might be temporarily unreachable because of port down or

overload.

• Server Response Timeout

Time

• Request Transmission

Attempts

Set the RADIUS server response timeout time and the maximum number of

attempts for transmitting a RADIUS packet to a single RADIUS server.

RADIUS uses UDP packets to transfer data, but UDP communication is not

reliable. To improve the reliability, RADIUS uses a retransmission

mechanism. The device retransmits the RADIUS request if no response to the

previous request is received within the server response timeout time. If the

device cannot receive any response within the request transmission attempts,

it tries to communicate with other RADIUS servers in active state. If no other

servers are in active state at the time, it considers the authentication or

accounting attempt a failure.

IMPORTANT:

The server response timeout time multiplied by the maximum number of

RADIUS packet transmission attempts must not exceed 75.

Realtime Accounting Interval

Set the interval for sending real-time accounting information. The interval

must be a multiple of 3.

To implement real-time accounting, the device must send real-time

accounting packets to the accounting server for online users periodically.

Different real-time accounting intervals impose different performance

requirements on the NAS and the RADIUS server. A shorter interval helps

achieve higher accounting precision but requires higher performance. Use a

longer interval when a large number of users (1000 or more) exist. For more

information about the recommended real-time accounting intervals, see

771H

Configuration guidelines."

Realtime Accounting Attempts

Set the maximum number of attempts for sending a real-time accounting

request.

Unit for Data Flows

Specify the unit for data flows sent to the RADIUS server, which can be Byte,

Kilo-byte, Mega-byte, or Giga-byte.

IMPORTANT:

The units specified on the NAS must be consistent with those configured on the

RADIUS server. Otherwise, accounting might be wrong.

Unit for Packets

Specify the unit for data packets sent to the RADIUS server, which can be

One-packet, Kilo-packet, Mega-packet, or Giga-packet.

IMPORTANT:

The units specified on the NAS must be consistent with those configured on the

RADIUS server. Otherwise, accounting might be wrong.