R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

141

142

143

144

145

146

147

148

149

150

135

View

RADIUS scheme view

Default level

2: System level

Parameters

retry-times: Maximum number of accounting attempts, in the range of 1 to 255.

Description

Use retry realtime-accounting to set the maximum number of accounting attempts.

Use undo retry realtime-accounting to restore the default.

By default, the maximum number of accounting attempts is 5.

A RADIUS server usually checks whether a user is online by using a timeout timer. If it receives no

real-time accounting request for a user in the timeout period from the NAS, it considers that there may be

line or device failures and stops accounting for the user. This may happen when some unexpected failure

occurs. To cooperate with this feature of the RADIUS server, the NAS needs to keep pace with the server

in disconnecting the user. The maximum number of accounting attempts, together with some other

parameters, enables the NAS to disconnect the user in time.

The maximum number of accounting attempts, together with some other parameters, controls how the

NAS sends accounting request packets.

Suppose that the RADIUS server response timeout period is three seconds (set with the timer

response-timeout command), the maximum number of RADIUS packet transmission attempts is three (set

with the retry command), the real-time accounting interval is 12 minutes (set with the timer

realtime-accounting command), and the maximum number of accounting attempts is five (set with the

retry realtime-accounting command). In this case, the firewall generates an accounting request every 12

minutes, and retransmits the request if it sends the request but receives no response within three seconds.

If the firewall receives no response after transmitting the request three times, it considers the accounting

attempt a failure, and makes another accounting attempt. If five consecutive accounting attempts fail, the

firewall cuts the user connection.

Related commands: retry, timer response-timeout, and timer realtime-accounting.

Examples

# Set the maximum number of accounting attempts to 10 for RADIUS scheme radius1.

<Sysname> system-view

[Sysname] radius scheme radius1

[Sysname-radius-radius1] retry realtime-accounting 10

retry stop-accounting (RADIUS scheme view)

Syntax

retry stop-accounting retry-times

undo retry stop-accounting

View

RADIUS scheme view