R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
You can specify a source IP address for outgoing RADIUS packets in RADIUS scheme view for a specific
RADIUS scheme, or in system view for all RADIUS schemes whose servers are in a VPN or the public
network. Before sending a RADIUS packet, a NAS selects a source IP address in this order:
• The source IP address specified for the RADIUS scheme.
• The source IP address specified in system view for the VPN or public network, depending on where
the RADIUS server resides.
• The IP address of the outbound interface specified by the route.
Follow these steps to specify a source IP address for all RADIUS schemes in a VPN or the public network:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify a source IP address for outgoing RADIUS packets | radius nas-ip ip-address | Required. By default, the IP address of the outbound interface is used as the source IP address. |
Follow these steps to specify a source IP address for a specific RADIUS scheme:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | — |
| Specify a source IP address for outgoing RADIUS packets | nas-ip ip-address | Required. By default, the IP address of the outbound interface is used as the source IP address. |
Setting timers for controlling communication with RADIUS servers
The device uses the following types of timers to control the communication with a RADIUS server:
• Server response timeout timer (response-timeout)—Defines the RADIUS request retransmission
interval. After sending a RADIUS request (authentication/authorization or accounting request), the
device starts this timer. If the device receives no response from the RADIUS server before this timer
expires, it resends the request.
• Server quiet timer (quiet)—Defines the duration to keep an unreachable server in the blocked state.
If a server is not reachable, the device changes the server’s status to blocked, starts this timer for the
server, and tries to communicate with another server in the active state. After this timer expires, the
device changes the status of the server back to active.
• Real-time accounting timer (realtime-accounting)—Defines the interval at which the device sends
real-time accounting packets to the RADIUS accounting server for online users. To implement
real-time accounting, the device must periodically send real-time accounting packets to the
accounting server for online users.
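The interaction of the response-timeout and quiet timers described above, modeled as an added Python example (not HP's code and not part of the original guide). The class names, server names, and timer values are constructed, and the `retries` limit is an assumption: this page does not state how many unanswered requests make a server unreachable.

```python
from dataclasses import dataclass

ACTIVE, BLOCKED = "active", "blocked"

@dataclass
class Server:
    name: str
    status: str = ACTIVE
    blocked_until: float = 0.0  # when this server's quiet timer expires

@dataclass
class RadiusClient:
    servers: list            # Server objects, in order of preference
    response_timeout: float  # seconds to wait before resending a request
    quiet: float             # seconds an unreachable server stays blocked
    retries: int = 3         # ASSUMPTION: transmissions before giving up

    def send(self, now, reachable):
        """Send one request at time `now`; `reachable` is the set of server
        names that answer. Returns (answering server or None, finish time)."""
        # Quiet timer expiry: a blocked server becomes active again,
        # whether or not it has actually recovered.
        for s in self.servers:
            if s.status == BLOCKED and now >= s.blocked_until:
                s.status = ACTIVE
        for s in self.servers:
            if s.status != ACTIVE:
                continue  # blocked servers are skipped at no cost
            if s.name in reachable:
                return s.name, now
            # Every unanswered transmission waits one response-timeout.
            now += self.retries * self.response_timeout
            s.status, s.blocked_until = BLOCKED, now + self.quiet
        return None, now

def demo():
    # Constructed scenario: the primary server is down for the whole run.
    c = RadiusClient([Server("primary"), Server("secondary")],
                     response_timeout=3, quiet=300)
    up = {"secondary"}
    return [c.send(t, up) for t in (0, 100, 309)]

if __name__ == "__main__":
    for server, done in demo():
        print(server, done)
```

The requests at t=0 and t=309 each wait 9 seconds on the dead primary before failing over, while the request at t=100 is answered immediately because the primary is still blocked. A shorter quiet timer returns a recovered server to service sooner, but makes logins pay that delay more often while the server stays down.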
Follow these steps to set timers for controlling communication with RADIUS servers:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter RADIUS scheme view | radius scheme radius-scheme-name | — |