H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 586
565
Table 183 Configuration items
Item Description
Authentication Key
Confirm Authentication Key
Accounting Key
Confirm Accounting Key
Set the shared key for RADIUS authentication packets and that for RADIUS
accounting packets.
The RADIUS client and the RADIUS authentication/accounting server use
MD5 to encrypt RADIUS packets. They verify the validity of packets
through the specified shared key. The client and the server can receive and
respond to packets from each other only when they use the same shared
key.
IMPORTANT:
•
The shared keys configured on the device must be consistent with those
configured on the RADIUS servers.
•
The shared keys configured in the Common Configuration area are
used only when no corresponding shared keys are configured in the
RADIUS server configuration area.
Quiet Time
Set the time the device keeps an unreachable RADIUS server in blocked
state.
If you set the quiet time to 0, when the device needs to send an
authentication or accounting request but finds that the current server is
unreachable, it does not change the server's status that it maintains. It
simply sends the request to the next server in active state. As a result, when
the device needs to send a request of the same type for another user, it still
tries to send the request to the server because the server is in active state.
You can use this parameter to control whether the device changes the
status of an unreachable server. For example, if you determine that the
primary server is unreachable because the device's port for connecting the
server is out of service temporarily or the server is busy, you can set the
time to 0 so that the device uses the primary server as much.
Server Response Timeout
Time
Request Transmission
Attempts
Set the RADIUS server response timeout time and the maximum number of
attempts for transmitting a RADIUS packet to a single RADIUS server.
If the device does not receive a response to its request from the RADIUS
server within the response timeout period, it retransmits the RADIUS
request. If the number of transmission attempts exceeds the limit but the
device still receives no response from the RADIUS server, the device
considers the request a failure.
IMPORTANT:
The server response timeout time multiplied by the maximum number of
RADIUS packet transmission attempts must not exceed 75.
Realtime Accounting
Interval
Set the interval for sending real-time accounting information. The interval
must be a multiple of 3.
To implement real-time accounting, the device must send real-time
accounting packets to the accounting server for online users periodically.
Different real-time accounting intervals impose different performance
requirements on the NAS and the RADIUS server. A shorter interval helps
achieve higher accounting precision but requires higher performance. Use
a longer interval when 1000 or more users exist. For information about the
recommended real-time accounting intervals, see "