3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Configuring the RADIUS Protocol 41
Configuring the maximum number of real-time accounting request
attempts
A RADIUS server usually determines the online state of a user using the connection
timeout timer. If the RADIUS sever receives no real-time accounting packets from
the NAS for a long time, it considers that the line or device fails and stops user
accounting. To work with this feature of the RADIUS server, the NAS is required to
terminate user connections simultaneously with the RADIUS server when
unpredictable faults occur. 3Com Series Security Gateways allow you to set the
maximum number of continuous real-time accounting request attempts. The NAS
terminates a user connection if it receives no response after the number of
transmitted real-time accounting requests exceeds the configured limit.
You can use the following command to set the maximum number of real-time
accounting request attempts.
Perform the following configuration in RADIUS view.
By default, the maximum number of real-time accounting request attempts is 5.
Setting the Shared Key
for RADIUS Packet
Encryption
The RADIUS client (the security gateway) and RADIUS server use the MD5
algorithm to hash the exchanged packets between them. The two ends verify the
packets using a shared key. Only when the same key is used can they properly
receive the packets and make responses.
Perform the following configurations in RADIUS view.
By default, the shared key 3com is used for RADIUS authentication/authorization
and accounting packet encryption.
Setting the Maximum
Number of RADIUS
Request Attempts
Since RADIUS uses UDP packets to carry data, the communication process is not
reliable. If the RADIUS server does not respond to the NAS before the response
timer times out, the NAS should retransmit the RADIUS request. After the number
Tab le 28 Set the maximum number of real-time accounting request attempts
Operation Command
Set the maximum number of real-time
accounting request attempts.
retry realtime-accounting retry-times
Restore the default maximum number of
real-time accounting request attempts.
undo retry realtime-accounting
Tab le 29 Set the shared key for RADIUS packet encryption
Operation Command
Set the shared key for RADIUS
authentication/authorization packet
encryption.
key authentication string
Restore the default shared key for RADIUS
authentication/authorization packet
encryption.
undo key authentication
Set the shared key for RADIUS accounting
packet encryption.
key accounting string
Restore the default shared key for RADIUS
accounting packet encryption.
undo key accounting