R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

173

Item Descri

tion

Server Response Timeout

Time

Set the RADIUS server response timeout time.

If the firewall sends a RADIUS request to a RADIUS server but receives no response

within the specified server response timeout time, it retransmits the request. Setting

a proper value according to the network conditions helps in improving the system

performance.

IMPORTANT:

The server response timeout time multiplied by the maximum number of RADIUS

packet transmission attempts must not exceed 75.

Request Transmission

Attempts

Set the maximum number of attempts for transmitting a RADIUS packet to a single

RADIUS server.

Because RADIUS uses UDP packets to transfer data, the communication process is

not reliable. RADIUS uses a retransmission mechanism to improve the reliability. If

a NAS sends a RADIUS request to a RADIUS server but receives no response after

the response timeout timer expires, it retransmits the request. If the number of

transmission attempts exceeds the specified limit but it still receives no response, it

considers the authentication or accounting attempt a failure.

IMPORTANT:

The server response timeout time multiplied by the maximum number of RADIUS

packet transmission attempts must not exceed 75.

Realtime Accounting

Interval

Set the interval for sending real-time accounting information. The interval must be a

multiple of 3.

To implement real-time accounting, the firewall must send real-time accounting

packets to the accounting server for online users periodically.

Different real-time accounting intervals impose different performance requirements

on the NAS and the RADIUS server. A shorter interval helps achieve higher

accounting precision but requires higher performance. Use a longer interval when

a large number of users (1000 or more) exist. For more information about the

recommended real-time accounting intervals, see "RADIUS scheme configuration

guidelines."

Realtime Accounting

Attempts

Set the maximum number of attempts for sending a real-time accounting request.

Unit for Data Flows

Specify the unit for data flows sent to the RADIUS server:

• Byte

• Kilo-byte

• Mega-byte

• Giga-byte

IMPORTANT:

The units specified on the NAS must be consistent with those configured on the

RADIUS server. Otherwise, accounting might be wrong.