Manualshelf

HP MSR2000/3000/4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
61626364656667686970
53
Predefined user roles
network-admin
Parameters
retry-times: Specifies the maximum number of accounting attempts, in the range of 1 to 255.
Usage guidelines
Typically, a RADIUS accounting server checks whether a user is online by using a timeout timer. If it does
not receive a real-time accounting request for a user in the timeout period from the NAS, it considers that
line or device failures occur and stops accounting for the user. To work with the RADIUS server, the NAS
needs to send real-time accounting requests to the server before the timer on the server expires and to
keep pace with the server in disconnecting the user when a failure occurs. The NAS disconnects from a
user according to the maximum number of accounting attempts and other parameters (see the following
example).
For example, the RADIUS server response timeout period is 3 seconds (set with the timer
response-timeout command), the maximum number of RADIUS packet transmission attempts is three (set
with the retry command), the real-time accounting interval is 12 minutes (set with the timer
realtime-accounting command), and the maximum number of accounting attempts is five (set with the
retry realtime-accounting command). In this case, the device generates an accounting request every 12
minutes, and retransmits the request if it sends the request but receives no response within 3 seconds. If
the device receives no response after transmitting the request three times, it considers the accounting
attempt a failure, and makes another accounting attempt. If five consecutive accounting attempts fail, the
device cuts the user connection.
Examples
# Set the maximum number of accounting attempts to 10 for RADIUS scheme radius1.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] retry realtime-accounting 10
Related commands
retry
timer realtime-accounting (RADIUS scheme view)
timer response-timeout (RADIUS scheme view)
secondary accounting (RADIUS scheme view)
Use secondary accounting to specify a secondary RADIUS accounting server.
Use undo secondary accounting to remove a secondary RADIUS accounting server.
Syntax
secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string
| vpn-instance vpn-instance-name ] *
undo secondary accounting [ { ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance
vpn-instance-name ] * ]
Default
No secondary RADIUS accounting server is specified.