R3204P16-HP Load Balancing Module Security Command Reference-6PW101

The default value for the retry-times argument is 3.
Because RADIUS uses UDP packets to transmit data, the communication is not reliable. If the LB module
does not receive a response to its request from the RADIUS server within the response timeout period, it
retransmits the RADIUS request. If the number of transmission attempts exceeds the limit and the module
still receives no response from the RADIUS server, the module considers the authentication to have failed.
The maximum number of transmission attempts defined by this command is the sum of all transmission
attempts that the LB module sends to the primary server and the secondary server. For example, if the
maximum number of transmission attempts is N and both a primary and a secondary RADIUS server are
specified and exist, the module sends a request to the other server if the current server has not
responded by the time the number of transmission attempts reaches N/2 (if N is an even number) or
(N+1)/2 (if N is an odd number).
The maximum number of transmission attempts multiplied by the RADIUS server response timeout period
cannot be greater than 75.
Related commands: radius scheme and timer response-timeout.
Examples
# Set the maximum number of RADIUS request transmission attempts to 5 for RADIUS scheme radius1.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] retry 5
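The following Python sketch is an added illustration, not vendor code: it walks through the retransmission and failover behavior described above for one authentication request and enforces the limit of 75 on retry-times multiplied by the response timeout. It assumes the timeout is in seconds, that every unanswered attempt waits one full timeout, that attempts remaining after the switch go to the other server, and that all attempts go to the primary when no secondary is configured; the function names are hypothetical.

```python
# Added illustration, not vendor code. Assumptions: timeout in seconds, each
# unanswered attempt waits one full timeout, remaining attempts go to the other server.

MAX_PRODUCT = 75  # page: retry-times x response timeout cannot be greater than 75


def check_limits(retry_times, timeout):
    """Reject a retry/timeout pair that breaks the documented product limit."""
    if retry_times < 1 or timeout < 1:
        raise ValueError("retry-times and timeout must be positive")
    if retry_times * timeout > MAX_PRODUCT:
        raise ValueError(f"{retry_times} x {timeout} exceeds {MAX_PRODUCT}")


def switch_point(retry_times):
    """Attempts sent to the current server before switching: N/2 or (N+1)/2."""
    return (retry_times + 1) // 2


def simulate(retry_times, timeout, primary_answers, secondary_answers=None):
    """Return (result, elapsed_seconds, log) for one authentication request.

    secondary_answers=None means no secondary server is configured; sending
    every attempt to the primary in that case is an assumption of this sketch.
    """
    check_limits(retry_times, timeout)
    has_secondary = secondary_answers is not None
    to_primary = switch_point(retry_times) if has_secondary else retry_times
    log = []
    for attempt in range(1, retry_times + 1):
        server = "primary" if attempt <= to_primary else "secondary"
        answers = primary_answers if server == "primary" else secondary_answers
        sent_at = (attempt - 1) * timeout  # earlier attempts each timed out
        log.append((attempt, server, sent_at))
        if answers:
            return "response", sent_at, log  # round-trip time ignored
    return "authentication fails", retry_times * timeout, log


if __name__ == "__main__":
    # Constructed scenario: retry 5, 3-second timeout, primary server is down.
    result, elapsed, log = simulate(5, 3, primary_answers=False, secondary_answers=True)
    for attempt, server, sent_at in log:
        print(f"t={sent_at:>2}s  attempt {attempt} -> {server}")
    print(result, "after", elapsed, "s")
```

With retry 5 and a 3-second timeout, an unreachable primary server delays the first request to the secondary by 9 seconds, and the request is declared failed after 15 seconds if neither server answers.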
retry realtime-accounting
Syntax
retry realtime-accounting retry-times
undo retry realtime-accounting
View
RADIUS scheme view
Default level
2: System level
Parameters
retry-times: Maximum number of accounting request transmission attempts. It ranges from 1 to 255 and
defaults to 5.
Description
Use the retry realtime-accounting command to set the maximum number of accounting request
transmission attempts.
Use the undo retry realtime-accounting command to restore the default.
A RADIUS server usually uses a timeout timer to check whether a user is online. If it receives no
real-time accounting packet for a user from the NAS within the timeout period, it considers that there
may be a line or module failure and stops accounting for the user. This may happen when some unexpected
failure occurs. In this case, the NAS must disconnect the user accordingly. The maximum number of
accounting request transmission attempts serves this purpose: once the limit is reached and the NAS
still receives no response, the NAS disconnects the user.