HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

247

Item Descri

tion

Unit for Data Flows

Specify the unit for data flows sent to the RADIUS server, which can be

Byte, Kilo-byte, Mega-byte, or Giga-byte.

IMPORTANT:

The units specified on the NAS must be consistent with those configured on

the RADIUS server. Otherwise, accounting might be wrong.

Unit for Packets

Specify the unit for data packets sent to the RADIUS server, which can be

One-packet, Kilo-packet, Mega-packet, or Giga-packet.

IMPORTANT:

The units specified on the NAS must be consistent with those configured on

the RADIUS server. Otherwise, accounting might be wrong.

VPN

Specify the VPN to which the RADIUS scheme belongs.

This setting is effective to all RADIUS authentication servers and

accounting servers configured in the RADIUS scheme, but the VPN

individually specified for a RADIUS authentication or accounting server

takes priority.

Security Policy Server Specify the IP address of the security policy server.

RADIUS Packet Source IP

Specify the source IP address for the device to use in RADIUS packets

sent to the RADIUS server.

The source IP address of RADIUS packets that a NAS sends must match

the IP address of the NAS configured on the RADIUS server. A RADIUS

server identifies a NAS by its IP address.

Usually, the source address of outgoing RADIUS packets can be the IP

address of the NAS's any interface that can communicate with the

RADIUS server. In some special scenarios, however, you must change

the source IP address. For example, if a NAT device is present between

the NAS and the RADIUS server, the source IP address of outgoing

RADIUS packets must be a public IP address of the NAS. If the NAS is

configured with VRRP for stateful failover, the source IP address of

outgoing RADIUS packets can be the virtual IP address of the VRRP group

to which the uplink belongs.

If you do not specify this source IP address, the IP address of the

outbound interface specified by the route is used.

IMPORTANT:

This source IP address and the RADIUS server IP address specified in the

RADIUS scheme must be of the same version. Otherwise, the configuration

cannot take effect.

Buffer stop-accounting

packets

Enable or disable buffering of stop-accounting requests for which no

responses are received.