NOTE:
• If both the primary and secondary authentication/authorization servers are specified, the secondary one is used when the primary one is not reachable.
• If redundancy is not required, specify only the primary RADIUS authentication/authorization server.
• In practice, you may specify one RADIUS server as the primary authentication/authorization server, and up to 16 RADIUS servers as the secondary authentication/authorization servers, or specify a server as the primary authentication/authorization server for a scheme and as the secondary authentication/authorization servers for another scheme at the same time.
• The IP addresses of the primary and secondary authentication/authorization servers for a scheme must be different from each other. Otherwise, the configuration will fail.
• All servers for authentication/authorization and accounting, primary or secondary, must use IP addresses of the same IP version.
Specifying the RADIUS accounting servers and relevant parameters
You can specify one primary accounting server and up to 16 secondary accounting servers for a RADIUS
scheme. When the primary server is not available, a secondary server is used, if any. When redundancy
is not required, specify only the primary server.
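The addressing rules stated above can be checked against a planned scheme before it is entered on the device. The following is an added example, not part of the original manual; the `scheme` dictionary layout, the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

MAX_SECONDARY = 16  # secondary-server limit stated in this section

def _parse(role, text, problems):
    """Parse one address; record a problem and return None if it is invalid."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        problems.append(f"{role}: {text!r} is not a valid IP address")
        return None

def check_scheme(scheme):
    """Return rule violations for a planned RADIUS scheme.

    `scheme` is a hypothetical planning dict, not a device format:
    {"authentication": {"primary": "<ip>", "secondary": ["<ip>", ...]},
     "accounting": {...same shape...}}
    """
    problems, versions = [], set()
    for role in ("authentication", "accounting"):
        servers = scheme.get(role, {})
        secondaries = servers.get("secondary", [])
        if len(secondaries) > MAX_SECONDARY:
            problems.append(f"{role}: {len(secondaries)} secondary servers, limit is {MAX_SECONDARY}")
        primary = _parse(role, servers["primary"], problems) if servers.get("primary") else None
        parsed = [a for a in (_parse(role, t, problems) for t in secondaries) if a]
        # Parsed addresses compare equal across notations (2001:db8::1 == 2001:DB8:0::1).
        # The page states this rule for authentication/authorization servers;
        # applying it to accounting servers as well is an assumption.
        if primary is not None and primary in parsed:
            problems.append(f"{role}: primary and secondary addresses must differ")
        versions.update(a.version for a in parsed + ([primary] if primary else []))
    if len(versions) > 1:
        problems.append("scheme mixes IPv4 and IPv6 servers")
    return problems

# Constructed sample plans using documentation address ranges.
GOOD = {"authentication": {"primary": "192.0.2.10", "secondary": ["192.0.2.11"]},
        "accounting": {"primary": "192.0.2.10"}}
BAD = {"authentication": {"primary": "2001:db8::1", "secondary": ["2001:DB8:0::1"]},
       "accounting": {"primary": "192.0.2.20"}}

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_scheme(plan) or "ok")
```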
Setting the maximum number of real-time accounting attempts for a scheme makes the device disconnect a user when no accounting response has been received by the time the number of accounting attempts reaches the limit.
When the device receives a connection teardown request from a host or a connection teardown notification from an administrator, it sends a stop-accounting request to the accounting server. You can enable buffering of unanswered stop-accounting requests so that the device buffers and resends a stop-accounting request until it receives a response or the number of stop-accounting attempts reaches the configured limit. In the latter case, the device discards the packet.
Follow these steps to specify the RADIUS accounting servers and perform related configurations:
radius scheme radius-scheme-name

Specify the primary RADIUS accounting server
    Command: primary accounting { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }
    Remarks: Required. Configure at least one command. No accounting server is specified by default.

Specify the secondary RADIUS accounting server
    Command: secondary accounting { ip-address [ port-number | key string ] * | ipv6 ipv6-address [ port-number | key string ] * }

Enable the device to buffer stop-accounting requests to which no responses are received
    Command: stop-accounting-buffer enable
    Remarks: Optional. Enabled by default.

Set the maximum number of stop-accounting attempts
    Command: retry stop-accounting retry-times

Set the maximum number of real-time accounting attempts
    Command: retry realtime-accounting retry-times