R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
146
To do… Use the command…
Remarks
Specify the primary RADIUS
authentication/authorization server
primary authentication ip-address
[ port-number ] [ key string ]
Required
Configure at least one of the
commands
No authentication server by
default
Specify the secondary RADIUS
authentication/authorization server
secondary authentication ip-address
[ port-number ] [ key string ]
NOTE:
• The IP addresses of the primary and secondary authentication/authorization servers for a scheme mus
t
be different from each other. Otherwise, the configuration will fail.
• All servers for authentication/authorization and accountings, primary or secondary, must use IP
addresses of the same IP version.
• You can specify a RADIUS authentication/authorization server as the primary
authentication/authorization server for one scheme and as the secondary authentication/authorization
server for another scheme at the same time.
Specifying the RADIUS accounting servers and relevant
parameters
You can specify one primary accounting server and one accounting servers for a RADIUS scheme. When
the primary server is not available, the secondary server is used, if any. When redundancy is not
required, specify only the primary server.
By setting the maximum number of real-time accounting attempts for a scheme, you make the LB module
disconnect users for whom no accounting response is received before the number of accounting attempts
reaches the limit.
You can enable buffering of non-responded stop-accounting requests to allow the LB module to buffer
and resend a stop-accounting request until it receives a response or the number of stop-accounting
attempts reaches the configured limit. In the latter case, the LB module discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:
To do… Use the command…
Remarks
Enter system view system-view —
Enter RADIUS scheme view
radius scheme
radius-scheme-name
—
Specify the primary RADIUS
accounting server
primary accounting ip-address
[ port-number ] [ key string ]
Required
Configure at least one of the
commands
No accounting server by default
Specify the secondary RADIUS
accounting server
secondary accounting ip-address
[ port-number ] [ key string ]
Enable the LB module to buffer
stop-accounting requests getting
no responses
stop-accounting-buffer enable
Optional
Enabled by default
Set the maximum number of
stop-accounting request
transmission attempts
retry stop-accounting retry-times
Optional
500 by default