H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 263
25-11
To do…
Use the command…
Remarks
Create a RADIUS scheme and
enter its view
radius scheme
radius-scheme-name
Required
By default, a RADIUS scheme named
"system" has already been created in the
system.
Set the IP address and port
number of the primary RADIUS
accounting server
primary accounting
ip-address
[ port-number ]
Required
By default, the IP address and UDP port
number of the primary accounting server
are 0.0.0.0 and 1813 for a newly created
RADIUS scheme.
Set the IP address and port
number of the secondary RADIUS
accounting server
secondary
accounting
ip-address
[ port-number ]
Optional
By default, the IP address and UDP port
number of the secondary accounting
server are 0.0.0.0 and 1813 for a newly
created RADIUS scheme.
Enable stop-accounting request
buffering
stop-accounting-buffer
enable
Optional
By default, stop-accounting request
buffering is enabled.
Set the maximum number of
transmission attempts of a buffered
stop-accounting request.
retry stop-accounting
retry-times
Optional
By default, the system tries at most 500
times to transmit a buffered
stop-accounting request.
Set the maximum allowed number
of continuous real-time accounting
failures
retry realtime-accounting
retry-times
Optional
By default, the maximum allowed number
of continuous real-time accounting
failures is five. If five continuous failures
occur, the device cuts down the user
connection.
z
In an actual network environment, you can specify one server as both the primary and secondary
accounting servers, as well as specifying two RADIUS servers as the primary and secondary
accounting servers respectively. In addition, because RADIUS adopts different UDP ports to
exchange authentication/authorization messages and accounting messages, you must set a port
number for accounting different from that set for authentication/authorization.
z
With stop-accounting request buffering enabled, the device first buffers the stop-accounting
request that gets no response from the RADIUS accounting server, and then retransmits the
request to the RADIUS accounting server until it gets a response, or the maximum number of
transmission attempts is reached (in this case, it discards the request).
z
You can set the maximum allowed number of continuous real-time accounting failures. If the
number of continuously failed real-time accounting requests to the RADIUS server reaches the set
maximum number, the device cuts down the user connection.
z
The IP address and port number of the primary accounting server of the default RADIUS scheme
"system" are 127.0.0.1 and 1646 respectively.
z
Currently, RADIUS does not support the accounting of FTP users.