Enabling the user, Re-authentication at, Restart function – H3C Technologies H3C S3100 Series Switches User Manual
Page 331
Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-32
Note:
z
This configuration takes effect on all RADIUS schemes.
z
The switch considers a RADIUS server as being down if it has tried the configured
maximum times to send a message to the RADIUS server but does not receive any
response.
1.4.12 Enabling the User Re-Authentication at Restart Function
Note:
The user re-authentication at restart function applies to the environment where the
RADIUS authentication/authorization and accounting server is CAMS.
In an environment that a CAMS server is used to implement AAA functions, if the switch
reboots after an exclusive user (a user whose concurrent online number is set to 1 on
the CAMS) gets authenticated and authorized and begins being charged, the switch
will give a prompt that the user has already been online when the user re-logs into the
network before the CAMS performs online user detection, and the user cannot get
authenticated. In this case, the user can access the network again only when the
CAMS administrator manually removes the user's online information.
The user re-authentication at restart function is designed to resolve this problem. After
this function is enabled, every time the switch restarts:
1) The switch generates an Accounting-On message, which mainly contains the
following information: NAS-ID, NAS-IP-address (source IP address), and session
ID.
2) The switch sends the Accounting-On message to the CAMS at regular intervals.
3) Once the CAMS receives the Accounting-On message, it sends a response to the
switch. At the same time it finds and deletes the original online information of the
users who were accessing the network through the switch before the restart
according to the information (NAS-ID, NAS-IP-address and session ID) contained
in the message, and ends the accounting for the users depending on the last
accounting update message.
4) Once the switch receives the response from the CAMS, it stops sending
Accounting-On messages.