F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Item Description
VPN
Specify the VPN to which the RADIUS scheme belongs.
This setting applies to all RADIUS authentication servers and accounting
servers configured in the RADIUS scheme, but the VPN individually specified
for a RADIUS authentication or accounting server takes priority.
Security Policy Server
Specify the IP address of the security policy server.
RADIUS Packet Source IP
Specify the source IP address for the device to use in RADIUS packets sent to
the RADIUS server.
The source IP address of RADIUS packets that a NAS sends must match the IP
address of the NAS configured on the RADIUS server. A RADIUS server
identifies a NAS by its IP address.
Usually, the source address of outgoing RADIUS packets can be the IP
address of any NAS interface that can communicate with the RADIUS
server. In some special scenarios, however, you must change the source IP
address. For example, if a NAT device is present between the NAS and the
RADIUS server, the source IP address of outgoing RADIUS packets must be a
public IP address of the NAS. If the NAS is configured with VRRP for stateful
failover, the source IP address of outgoing RADIUS packets can be the virtual
IP address of the VRRP group to which the uplink belongs.
If you do not specify this source IP address, the IP address of the outbound
interface specified by the route is used.
IMPORTANT:
This source IP address and the RADIUS server IP address specified in the
RADIUS scheme must be of the same version. Otherwise, the configuration
cannot take effect.
Buffer stop-accounting packets
Enable or disable buffering of stop-accounting requests for which no
responses are received.
Stop-Accounting Attempts
Set the maximum number of stop-accounting attempts.
The maximum number of stop-accounting attempts, together with some other
parameters, controls how the NAS deals with stop-accounting request
packets.
Suppose that the RADIUS server response timeout period is 3 seconds, the
maximum number of transmission attempts is five, and the maximum number
of stop-accounting attempts is 20. For each stop-accounting request, if the
device receives no response within 3 seconds, it retransmits the request. If it
receives no responses after retransmitting the request five times, it considers
the stop-accounting attempt a failure, buffers the request, and makes another
stop-accounting attempt. If 20 consecutive attempts fail, the device discards
the request.
Send accounting-on packets
Enable or disable the accounting-on feature.
The accounting-on feature enables a device to send accounting-on packets to
RADIUS servers after it reboots, so that the servers forcibly log out users
who logged in through the device before the reboot.
IMPORTANT:
When enabling the accounting-on feature on a device for the first time, you
must save the configuration so that the feature takes effect after the device
reboots.
Accounting-On Interval
Set the interval for sending accounting-on packets. This field is configurable
only when the Send accounting-on packets box is selected.
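
A consistency check for the RADIUS Packet Source IP rules described above, added here as an example and not taken from the HP guide. The function name, finding codes and sample addresses are assumptions constructed for illustration; `registered_nas` stands in for the NAS entries configured on your RADIUS server.

```python
import ipaddress

# RFC 1918 ranges, used to flag a private source address when NAT sits
# between the NAS and the RADIUS server.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_radius_source_ip(source_ip, server_ip, registered_nas,
                           nat_between=False):
    """Return a list of (code, message) findings; an empty list means the
    source IP is consistent with the rules in the table above."""
    src = ipaddress.ip_address(source_ip)
    srv = ipaddress.ip_address(server_ip)
    findings = []

    # Rule: source IP and RADIUS server IP must be of the same version,
    # otherwise the configuration cannot take effect.
    if src.version != srv.version:
        findings.append(("VERSION_MISMATCH",
                         f"source is IPv{src.version}, server is IPv{srv.version}"))
        return findings

    # Rule: with NAT in the path, the source must be a public address of the NAS.
    if nat_between and src.version == 4 and any(src in n for n in RFC1918):
        findings.append(("PRIVATE_SOURCE_BEHIND_NAT",
                         f"{src} is an RFC 1918 address"))

    # Rule: the server identifies a NAS by its IP address, so the source IP
    # must match a NAS entry configured on the server.
    nets = [ipaddress.ip_network(n, strict=False) for n in registered_nas]
    if not any(src in n for n in nets):
        findings.append(("NOT_REGISTERED",
                         f"{src} matches no NAS entry on the RADIUS server"))
    return findings

if __name__ == "__main__":
    # Constructed sample: VRRP pair whose virtual IP is the registered NAS address.
    registered = ["10.1.1.254"]
    for candidate in ("10.1.1.2", "10.1.1.254"):
        print(candidate, check_radius_source_ip(candidate, "10.1.1.50", registered))
```
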