R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

Ste

Command

Remarks

3. Specify a VPN for the RADIUS

scheme.

vpn-instance vpn-instance-name

By default, a RADIUS scheme

belongs to the public network.

Setting the username format and traffic statistics units

A username is in the format userid@isp-name, where isp-name represents the user's ISP domain name. By

default, the ISP domain name is included in a username. However, older RADIUS servers might not

recognize usernames that contain the ISP domain names. In this case, you can configure the device to

remove the domain name of each username to be sent.

For correct identification of users, configure the device to include ISP domain names in usernames for the

RADIUS scheme that is referenced by two or more ISP domains.

The device reports online user traffic statistics in accounting packets. The traffic measurement units are

configurable, but they must be the same as the traffic measurement units configured on the RADIUS

accounting servers.

To set the username format and the traffic statistics units for a RADIUS scheme:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter RADIUS scheme view.

radius scheme

radius-scheme-name

N/A

3. Set the format for usernames

sent to the RADIUS servers.

user-name-format { keep-original

| with-domain | without-domain }

By default, the ISP domain name is

included in a username.

4. (Optional.) Set the data flow

and packet measurement units

for traffic statistics.

data-flow-format { data { byte |

giga-byte | kilo-byte |

mega-byte } | packet

{ giga-packet | kilo-packet |

mega-packet | one-packet } }*

By default, traffic is counted in

bytes and packets.

Setting the maximum number of RADIUS request transmission attempts

RADIUS uses UDP packets to transfer data. Because UDP communication is not reliable, RADIUS uses a

retransmission mechanism to improve reliability. A RADIUS request is retransmitted if the NAS does not

receive a server response for the request within the response timeout timer. For more information about

the RADIUS server response timeout timer, see "Setting RADIUS timers."

ou can set the maximum number for the NAS to retransmit a RADIUS request to the same server. When

the maximum number is reached, the NAS tries to communicate with other RADIUS servers in active state.

If no other servers are in active state at the time, the NAS considers the authentication or accounting

attempt a failure.

To set the maximum number of RADIUS request transmission attempts:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter RADIUS scheme view.

radius scheme

radius-scheme-name

N/A

3. Set the maximum number of RADIUS

request transmission attempts.

retry retry-times The default setting is 3.