F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

261

262

263

264

265

266

267

268

269

270

253

Confi

uration item Descri

tion

Stop-Accounting Buffer

Enable or disable buffering stop-accounting requests without responses in the

device.

Because stop-accounting requests affect the charge to users, a NAS must make

its best effort to send every stop-accounting request to the HWTACACS

accounting servers. For each stop-accounting request getting no response in the

specified period of time, the NAS buffers and resends the packet until it receives

a response or the number of transmission retries reaches the configured limit. In

the latter case, the NAS discards the packet.

Stop-Accounting Packet

Retransmission Times

Set the maximum number of stop-accounting packet transmission attempts if no

response is received for the buffered stop-accounting packet.

If stop-accounting buffer is disabled, this value is ineffective.

If you leave this field blank, the number of retransmission times is restored to the

default value.

Response Timeout Interval

Set the HWTACACS server response timeout time.

After sending an HWTACACS request (authentication, authorization, or

accounting request), the device starts this timer. If the device receives no

response from the server before this timer expires, it resends the request.

If you leave this field blank, the response timeout interval is restored to the

default value.

IMPORTANT:

HWTACACS is based on TCP. The timeout of the server response timeout timer or

the TCP timeout timer causes the NAS to be disconnected from the HWTACACS

server.

Quiet Interval

Specify the interval the primary server has to wait before being active.

If the primary server is not reachable, the device changes the server's status to

blocked, starts this timer for the server, and tries to communicate with a

secondary server in active state. After this timer expires, the device changes the

status of the primary server back to active.

If you leave this field blank, the quiet interval is restored to the default value.

Username Format

Set the format of the username sent to the HWTACACS server.

A username is typically in the format userid@isp-name, where isp-name

represents the name of the ISP domain to which the user belongs. However,

some HWTACACS servers cannot recognize usernames that contain an ISP

domain name. In this case, the device must remove the domain name of each

username before sending the username. You can set the username format on the

device for this purpose.

Options include:

• Without-domain—Configure the device to remove the domain name of a

username that is to be sent to the RADIUS server.

• With-domain—Configure the device to keep the domain name of a

username that is to be sent to the RADIUS server.