H3C LS-3100-52P-OVS-H3 Operation Manual - page 1331
1-28
z
Primary server quiet timer (timer quiet): If the primary server is not reachable, its state changes to
blocked, and the device will turn to the specified secondary server. If the secondary server is
reachable, the device starts this timer and communicates with the secondary server. After this
timer expires, the device turns the state of the primary server to active and tries to communicate
with the primary server while keeping the state of the secondary server unchanged. If the primary
server has come back into operation, the device interacts with the primary server and terminates its
communication with the secondary server.
z
Real-time accounting interval(realtime-accounting): This timer defines the interval for performing
real-time accounting of users. After this timer is set, the switch will send accounting information of
online users to the RADIUS server at the specified interval.
Follow these steps to set timers regarding RADIUS servers:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a RADIUS scheme and
enter RADIUS scheme view
radius scheme
radius-scheme-name
Required
Not defined by default
Set the RADIUS server
response timeout timer
timer response-timeout
seconds
Optional
3 seconds by default
Set the quiet timer for the
primary server
timer quiet minutes
Optional
5 minutes by default
Set the real-time accounting
interval
timer realtime-accounting
minutes
Optional
12 minutes by default
z
The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS
server response timeout period cannot be greater than 75. This product is also the upper limit of the
timeout time of different access modules.
z
For an access module, the maximum number of retransmission attempts multiplied by the RADIUS
server response timeout period must be smaller than the timeout time. Otherwise, stop-accounting
messages cannot be buffered, and the primary/secondary server switchover cannot take place.
For example, as the timeout time of voice access is 10 seconds, the product of the two parameters
cannot exceed 10 seconds; as the timeout time of Telnet access is 30 seconds, the product of the
two parameters cannot exceed 30 seconds. For detailed information about timeout time of a
specific access module, refer to the corresponding part in the Access Volume.
z
To configure the maximum number of retransmission attempts of RADIUS packets, refer to the
command retry in the command manual.
Specifying Security Policy Servers
The core of the EAD solution is integration and cooperation, and the security policy server system is the
management and control center. As a collection of software, the security policy server system can run
on Windows and Linux to provide functions such as user management, security policy management,
security status assessment, security cooperation control, and security event audit.