
NE40E V800R010C10SPC500 Configuration Guide - User Access 01


Configuring RADIUS Authentication and Accounting Servers

If one server is used for both authentication and accounting, different ports should be used for authentication and accounting.

Context

To configure Remote Authentication Dial-In User Service (RADIUS) authentication and accounting servers, configure the following parameters:

  • IP addresses of the authentication and accounting servers

  • VPN instance to which the authentication and accounting servers belong

  • Port numbers of the authentication and accounting servers (1812 and 1813 by default)

  • Weights of the authentication and accounting servers (applicable only in load balancing mode; the default value is 0)

NOTE:

The RADIUS authentication and accounting servers can use the same IP address. This means that a server can function as both an authentication server and an accounting server.

Perform the following steps on the router:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run radius-server group group-name

    The RADIUS server group view is displayed.

  3. Run radius-server authentication { ip-address [ vpn-instance instance-name ] | ipv6-address } port [ weight weight-value ]

    A RADIUS authentication server is configured.

    If PPP users do not use the default port for authentication, run the radius-server authentication ip-address [ vpn-instance instance-name ] ppp-user-port port command.

  4. (Optional) Run radius-server authentication rollover-on-reject

    The function of polling RADIUS servers for authentication after receiving a RADIUS Access-Reject packet is enabled.

  5. (Optional) Run radius-server { retransmit retry-times | timeout timeout-value } *

    The command configures the number of transmission times and retransmission timeout period used by the NE40E to send request packets to RADIUS servers.

    If neither authentication nor accounting is specified in the radius-server retransmit timeout command, the command sets the number of transmission times or the retransmission timeout period for all RADIUS authentication servers and RADIUS accounting servers in the RADIUS server group. If authentication is specified, the configuration applies to all RADIUS authentication servers in the RADIUS server group. If accounting is specified, the configuration applies to all RADIUS accounting servers in the RADIUS server group.

  6. Run radius-server accounting { ip-address [ vpn-instance instance-name ] | ipv6-address } port [ weight weight-value ]

    A RADIUS accounting server is configured.

    If PPP users do not use the default port for accounting, run the radius-server accounting ip-address [ vpn-instance instance-name ] ppp-user-port port command.

  7. (Optional) Run radius-server accounting-start-packet resend [ resend-times ]

    The number of times that cached accounting start packets are retransmitted to the RADIUS accounting server is configured.

  8. (Optional) Run radius-server accounting-stop-packet resend [ resend-times ]

    The number of times that Accounting-Stop packets are retransmitted is configured.

  9. (Optional) Run radius-server accounting-stop-packet send force

    Generally, the RADIUS server generates a user entry only after accounting succeeds. However, for some users who have passed authentication, user entries are generated in the database before accounting, for example, when the users apply for an IP address. If accounting then fails for any reason, the IP address cannot be released, and the users fail to go online. To address this problem, run the radius-server accounting-stop-packet send force command to force the NE40E to send an Accounting-Stop packet to the RADIUS server to release the IP address.

    The command takes effect only when the accounting for the authenticated user fails and there is a user entry in the database.

  10. (Optional) Run radius-server accounting-interim-packet resend [ resend-times ]

    RADIUS real-time accounting packet caching is enabled, and the number of retransmissions is specified for real-time accounting packets entering a cache queue.

  11. (Optional) Run radius-server accounting cache max-packet-number

    The maximum number of accounting packets that can be cached is configured.

    NOTE:

    If the value specified by max-packet-number is not 8192, the system limits the number of accounting packets specified by max-packet-number and does not limit the number of users.

  12. (Optional) Run radius-server accounting cache retransmit retransmit timeout timeout

    An interval at which cached RADIUS accounting packets are retransmitted and the number of users for each packet retransmission are configured.

  13. (Optional) Run radius-server accounting cache memory-threshold memory-threshold-value

    A memory usage threshold is configured for the master main control board.

  14. (Optional) Run radius-server accounting cache-warning-threshold upper-limit upper-limit lower-limit lower-limit

    The accounting packet cache alarm function is enabled, and an alarm threshold and a clear alarm threshold are configured. If the accounting packet cache usage reaches the configured alarm threshold, an alarm is reported.

    Accounting packet cache usage = Number of cached accounting packets/Maximum number of accounting packets that can be cached

  15. (Optional) Run radius-server cache keep packet

    The device is disabled from deleting cached accounting packets after the number of retransmissions reaches the specified upper limit.

  16. (Optional) Run radius-server cache resend packet

    The sending of cached accounting packets is triggered.
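The requirement stated at the start of this section, that a server used for both authentication and accounting uses a different port for each role, can be checked against a saved configuration. The Python script below is an added example, not Huawei code: the group names, addresses, VPN instance name and port values in the sample are constructed, and the line pattern follows the command syntax in steps 3 and 6.

```python
import re
from collections import defaultdict

# Constructed sample (not from the guide): names, addresses and ports are assumptions.
SAMPLE_CONFIG = """\
radius-server group isp-a
 radius-server authentication 192.0.2.10 1812 weight 0
 radius-server accounting 192.0.2.10 1813 weight 0
radius-server group isp-b
 radius-server authentication 192.0.2.20 vpn-instance mgmt 1812
 radius-server accounting 192.0.2.20 vpn-instance mgmt 1812
 radius-server authentication 2001:db8::5 1812
 radius-server accounting 2001:db8::5 1813
"""

# Server lines as in steps 3 and 6; the address must contain "." or ":" so that
# keyword forms such as "radius-server accounting cache ..." are not mistaken for servers.
SERVER_RE = re.compile(
    r"^radius-server (authentication|accounting) (\S*[.:]\S*)"
    r"(?: vpn-instance (\S+))?(?: ppp-user-port)? (\d+)(?: weight (\d+))?$"
)

def parse_groups(config):
    """Return {group: [(role, address, vpn_instance, port), ...]}."""
    groups, current = defaultdict(list), None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("radius-server group "):
            current = line.split()[2]
            continue
        m = SERVER_RE.match(line)
        if m and current:
            role, addr, vpn, port, _weight = m.groups()
            groups[current].append((role, addr, vpn or "", int(port)))
    return dict(groups)

def shared_port_findings(config):
    """List (group, address, vpn_instance, port) used for both roles on one port."""
    findings = []
    for group, servers in parse_groups(config).items():
        auth = {s[1:] for s in servers if s[0] == "authentication"}
        acct = {s[1:] for s in servers if s[0] == "accounting"}
        findings += [(group, *hit) for hit in sorted(auth & acct)]
    return findings

if __name__ == "__main__":
    for group, addr, vpn, port in shared_port_findings(SAMPLE_CONFIG):
        print(f"{group}: {addr} vpn={vpn or '-'} uses port {port} for both roles")
```

The VPN instance is part of the comparison key, so the same address in two different VPN instances is treated as two separate servers.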

Updated: 2019-01-03

Document ID: EDOC1100055031
