100
If the device does not receive a response to its request from the RADIUS server within the response
timeout period, the device retransmits the RADIUS request. To set the response timeout period, use
the
timer response-timeout
command.
If the device does not receive a response from the RADIUS server after the maximum number of
transmission attempts is reached, the device considers the request a failure.
If the client times out during the authentication process, the user is immediately logged off. To avoid
user logoffs, the value multiplied by the following items cannot be larger than the client timeout
period defined by the access module:
•
The maximum number of RADIUS packet transmission attempts.
•
The RADIUS server response timeout period.
•
The number of RADIUS authentication servers in the RADIUS scheme.
When the device sends a RADIUS request to a new RADIUS server, it checks the total amount of
time it has taken to transmit the RADIUS packet. If the amount of time has reached 300 seconds, the
device stops sending the RADIUS request to the next RADIUS server. As a best practice, consider
the number of RADIUS servers when you configure the maximum number of packet transmission
attempts and the RADIUS server response timeout period.
Examples
# In RADIUS scheme
radius1
, set the maximum number of RADIUS packet transmission attempts
to 5.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] retry 5
Related commands
radius scheme
timer response-timeout
(RADIUS scheme view)
retry realtime-accounting
Use
retry realtime-accounting
to set the maximum number of accounting attempts.
Use
undo retry realtime-accounting
to restore the default.
Syntax
retry realtime-accounting
retries
undo retry realtime-accounting
Default
The maximum number of accounting attempts is 5.
Views
RADIUS scheme view
Predefined user roles
network-admin
mdc-admin
Parameters
retries
: Specifies the maximum number of accounting attempts, in the range of 1 to 255.