R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

151

152

153

154

155

156

157

158

159

160

151

After you specify the source IP address for RADIUS packets to be sent on a NAS, if the physical port for

sending the RADIUS packets fails, response packets from the RADIUS server will be able to arrive at the

NAS.

You can specify a source IP address for outgoing RADIUS packets in RADIUS scheme view for a specific

RADIUS scheme, or in system view for all RADIUS schemes. Before sending a RADIUS packet, the LB

module selects a source IP address in this order:

1. The source IP address specified for the RADIUS scheme.

2. The source IP address specified in system view.

3. The IP address of the outbound interface specified by the route.

Follow these steps to specify a source IP address for all RADIUS schemes:

To do… Use the command…

Remarks

Enter system view system-view —

Specify the

source IP

address for

outgoing

RADIUS

packets

System view radius nas-ip ip-address Required

Use either approach

By default, there is no source IP address

specified for RADIUS packets and the IP

address of the interface for sending the

RADIUS packets will be used as the source IP

address of the RADIUS packets.

RADIUS scheme

view

radius scheme

radius-scheme-name

nas-ip ip-address

Setting timers for controlling communication with RADIUS

servers

The LB module uses the following types of timers to control the communication with a RADIUS server:

• Server response timeout timer (response-timeout)—Defines the RADIUS request retransmission

interval. After sending a RADIUS request (authentication/authorization or accounting request), the

LB module starts this timer. If the LB module receives no response from the RADIUS server before this

timer expires, it resends the request.

• Server quiet timer (quiet)—Defines the duration to keep an unreachable server in the blocked state.

If a server is not reachable, the LB module changes the server’s status to blocked, starts this timer for

the server, and tries to communicate with another server in the active state. After this timer expires,

the LB module changes the status of the server back to active.

• Real-time accounting timer (realtime-accounting)—Defines the interval at which the LB module

sends real-time accounting packets to the RADIUS accounting server for online users. To implement

real-time accounting, the LB module must periodically send real-time accounting packets to the

accounting server for online users.

Follow these steps to set timers for controlling communication with RADIUS servers:

To do… Use the command…

Remarks

Enter system view system-view —

Enter RADIUS scheme view

radius scheme

radius-scheme-name

—

Set the RADIUS server response

timeout timer

timer response-timeout seconds

Optional

3 seconds by default