H3C Technologies H3C SecPath F1000-E User Manual

Page 183

Advertising
background image

173

Item Description

Request Transmission
Attempts

Set the maximum number of attempts for transmitting a RADIUS packet to a
single RADIUS server.
Because RADIUS uses UDP packets to transfer data, the communication process
is not reliable. RADIUS uses a retransmission mechanism to improve the

reliability. If a NAS sends a RADIUS request to a RADIUS server but receives no

response after the response timeout timer expires, it retransmits the request. If the
number of transmission attempts exceeds the specified limit but it still receives no

response, it considers the authentication or accounting attempt a failure.

IMPORTANT:

The server response timeout time multiplied by the maximum number of RADIUS
packet transmission attempts must not exceed 75.

Realtime Accounting
Interval

Set the interval for sending real-time accounting information. The interval must be
a multiple of 3.
To implement real-time accounting, the firewall must send real-time accounting
packets to the accounting server for online users periodically.
Different real-time accounting intervals impose different performance

requirements on the NAS and the RADIUS server. A shorter interval helps
achieve higher accounting precision but requires higher performance. Use a

longer interval when a large number of users (1000 or more) exist. For more

information about the recommended real-time accounting intervals, see
"

RADIUS scheme configuration guidelines

."

Realtime Accounting
Attempts

Set the maximum number of attempts for sending a real-time accounting request.

Unit for Data Flows

Specify the unit for data flows sent to the RADIUS server:

Byte

Kilo-byte

Mega-byte

Giga-byte

IMPORTANT:

The units specified on the NAS must be consistent with those configured on the
RADIUS server. Otherwise, accounting might be wrong.

Unit for Packets

Specify the unit for data packets sent to the RADIUS server:

One-packet

Kilo-packet

Mega-packet

Giga-packet

IMPORTANT:

The units specified on the NAS must be consistent with those configured on the

RADIUS server. Otherwise, accounting might be wrong.

VPN

Specify the VPN to which the RADIUS scheme belongs.
This setting is effective to all RADIUS authentication servers and accounting
servers configured in the RADIUS scheme, but the VPN individually specified for

a RADIUS authentication or accounting server takes priority.

Security Policy Server

Specify the IP address of the security policy server.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals