R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

131

132

133

134

135

136

137

138

139

140

130

Default level

2: System level

Parameters

None

Description

Use radius client enable to enable the RADIUS listening port of a RADIUS client.

Use undo radius client to disable the RADIUS listening port of a RADIUS client.

By default, the RADIUS listening port is enabled.

When the listening port of the RADIUS client is disabled:

• No more stop-accounting requests of online users cannot be sent out or buffered, and the RADIUS

server can no longer receive logoff requests from online users. After a user goes offline, the RADIUS

server still has the user's record during a certain period of time.

• The buffered accounting packets cannot be sent out and are deleted from the buffer when the

configured maximum number of attempts is reached, affecting the precision of user accounting.

• If local authentication, authorization, or accounting is configured as the backup, the firewall

performs local authentication, authorization, or accounting instead after the RADIUS request fails.

Local accounting is only for monitoring and controlling the number of local user connections; it

does not provide the statistics function that the accounting feature generally provides.

Examples

# Enable the listening port of the RADIUS client.

<Sysname> system-view

[Sysname] radius client enable

radius nas-ip

Syntax

radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]

undo radius nas-ip { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]

View

System view

Default level

2: System level

Parameters

ipv4-address: IPv4 address in dotted decimal notation. It must be an address of the firewall and cannot

be 0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.

ipv6 ipv6-address: Specifies an IPv6 address. It must be a unicast address of the firewall that is neither

a loopback address nor a link-local address.

vpn-instance vpn-instance-name: Specifies the VPN to which the source IPv4 address belongs. The

vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With a VPN specified, the

command specifies a private-network source IPv4 address. With no VPN specified, the command

specifies a public-network source IPv4 address.