R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router

411

412

413

414

415

416

417

418

419

420

402

Item Descri

tion

Request Transmission Attempts

Set the maximum number of attempts for transmitting a RADIUS packet to a

single RADIUS server. If the device does not receive a response to its request

from the RADIUS server within the response timeout period, it retransmits the

RADIUS request. If the number of transmission attempts exceeds the limit but

the device still does not receive a response from the RADIUS server, the

device considers the request a failure.

IMPORTANT:

The server response timeout time multiplied by the maximum number of

RADIUS packet transmission attempts must not exceed 75.

Realtime Accounting Interval

Set the interval for sending real-time accounting information to the RADIUS

accounting server. The interval must be a multiple of 3.

Different real-time accounting intervals impose different performance

requirements on the NAS and the RADIUS server. A shorter interval helps

achieve higher accounting precision but requires higher performance. Use a

longer interval when a large number of users (1000 or more) exist. For more

information about the recommended real-time accounting intervals, see

"Table 36."

Realtime Accounting Attempts

Set the maximum number of attempts for sending a real-time accounting

request.

Unit for Data Flows

Specify the unit for data flows sent to the RADIUS server, which can be byte,

kilo-byte, mega-byte, or giga-byte.

Unit for Packets

Specify the unit for data packets sent to the RADIUS server, which can be

one-packet, kilo-packet, mega-packet, or giga-packet.

VPN

Specify the VPN to which the RADIUS scheme belongs.

This setting is effective on all RADIUS authentication servers and accounting

servers configured in the RADIUS scheme, but the VPN individually specified

for a RADIUS authentication or accounting server takes priority.

Security Policy Server Specify the IP address of the security policy server.

RADIUS Packet Source IP

Specify the source IP address for the device to use in RADIUS packets sent to

the RADIUS server.

HP recommends using a loopback interface address instead of a physical

interface address as the source IP address. If the physical interface is down,

the response packets from the server cannot reach the device.

RADIUS Packet Backup Source

Specify the backup source IP address for the device to use in RADIUS packets

sent to the RADIUS server.

In a stateful failover environment, the backup source IP address must be the

source IP address for the remote device to use in RADIUS packets sent to the

RADIUS server, so that the backup server can receive the RADIUS packets

sent from the RADIUS server when the master device fails.

Buffer stop-accounting packets

Stop-Accounting Attempts

Enable or disable buffering of stop-accounting requests for which no

responses are received, and set the maximum number of attempts for

sending stop-accounting requests.