Configuring a radius scheme – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 583
562
If you remove an authentication or accounting server in use, the communication of the device
with the server will soon time out, and the device will look for a server in active state from scratch:
it checks the primary server (if any) first and then the secondary servers in the order they are
configured.
When the primary server and secondary servers are all in blocked state, the device
communicates with the primary server. If the primary server is available, its statues changes to
active. Otherwise, its status remains to be blocked.
If one server is in active state, but all the others are in blocked state, the device only tries to
communicate with the server in active state, even if the server is unavailable.
After receiving an authentication/accounting response from a server, the device changes the
status of the server identified by the source IP address of the response to active if the current
status of the server is blocked.
•
It is a good practice to use the recommended real-time accounting intervals listed in
Table 181 Recommended real-time accounting intervals
Number of users
Real-time accounting interval (in minutes)
1 to 99
3
100 to 499
6
500 to 999
12
≥1000
≥15
Configuring a RADIUS scheme
A RADIUS scheme defines a set of parameters that the device uses to exchange information with the
RADIUS servers. There might be authentication servers and accounting servers, or primary servers and
secondary servers. The parameters mainly include the IP addresses of the servers, the shared keys, and
the RADIUS server type. By default, no RADIUS scheme exists.
To configure a RADIUS scheme:
1.
From the navigation tree, select Authentication > RADIUS.
Figure 589 RADIUS scheme list