H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

861

862

863

864

865

866

867

868

869

870

Operation Manual – AAA RADIUS HWTACACS

H3C S7500E Series Ethernet Switches

Chapter 1 AAA/RADIUS/HWTACACS

Configuration

1-25

To do… Use the command… Remarks

Specify the primary

RADIUS accounting

server

primary accounting

ip-address [ port-number ]

Specify the secondary

RADIUS accounting

server

secondary accounting

ip-address [ port-number ]

Required

Use either approach

By default, neither the

primary nor the secondary

accounting server is

specified

Enable the device to

buffer stop-accounting

requests getting no

responses

stop-accounting-buffer

enable

Optional

Enabled by default

Set the maximum number

of stop-accounting

request transmission

attempts

retry stop-accounting

retry-times

Optional

500 by default

Set the maximum number

of accounting request

transmission attempts

retry

realtime-accounting

retry-times

Optional

5 by default

 Note:

z It is recommended to specify only the primary RADIUS accounting server if backup

is not required.

z In practice, you can specify two RADIUS servers as the primary and secondary

accounting servers respectively; or specify one server to function as the primary

accounting server in a scheme and the secondary accounting server in another

scheme.. Besides, because RADIUS uses different UDP ports to receive

authentication/authorization and accounting packets, the port for

authentication/authorization must be different from that for accounting.

z You can set the maximum number of stop-accounting request transmission buffer,

allowing the device to buffer and resend a stop-accounting request until it receives a

response or the number of transmission retries reaches the configured limit. In the

latter case, the device discards the packet.

z You can set the maximum number of accounting request transmission attempts on

the device, allowing the device to disconnect a user when the number of accounting

request transmission attempts for the user reaches the limit but it still receives no

response to the accounting request.

z The IP addresses of the primary and secondary accounting servers cannot be the

same. Otherwise, the configuration fails.

z Currently, RADIUS does not support keeping accounts on FTP users.