Command Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS
Configuration Commands
Huawei Technologies Proprietary
1-50
z
Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
z
A real-time account request may be sent multiple times (set by the
retry
command in RADIUS scheme view) for an accounting attempt. If no response is
received even after the number of transmission attempts reaches the maximum,
the accounting attempt fails. Suppose that the response timeout time of the
RADIUS server is three seconds (set by the
timer response-timeout
command),
that the maximum number of transmission attempts (set by the
retry
command)
is 3, and that the real-time accounting interval is 12 minutes (set by the
timer
realtime-accounting
command), the maximum number of real-time accounting
request attempts is 5 (set by the
retry realtime-accounting
command). In this
case, the switch sends an accounting request every 12 minutes; if the switch
does not receive a response within 3 seconds after it sends out an accounting
request, it resends the request; if the switch continuously sends the accounting
request for three times but does not receive any response; it considers this
real-time accounting a failure. Then, the switch sends the accounting request
every 12 minutes; if the number of accounting failures exceeds five, the user
connection is cut down.
Related command:
radius scheme
and
timer realtime-accounting
.
Example
# Allow the switch to continuously send at most 10 real-time accounting requests if it
gets no response for the RADIUS scheme radius1.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] radius scheme radius1
New Radius scheme
[Quidway-radius-radius1] retry realtime-accounting 10
1.2.22 retry stop-accounting
Syntax
retry stop-accounting retry-times