Item | Description |
| Select the format of usernames to be sent to the RADIUS server. |
| Typically, a username is in the format of |
| is used by the device to determine the ISP domain for the user. If a RADIUS |
| server (such as a RADIUS server of some early version) does not accept a |
| username that contains an ISP domain name, you can configure the device to |
| remove the domain name of a username before sending it to the RADIUS |
Username Format | server. The options include: |
| • Original |
| an "as is" basis. |
| • With domain |
| a username. |
| • Without domain |
| name of a username. |
|
|
| Set the shared key for RADIUS authentication packets and that for RADIUS |
| accounting packets. |
| The RADIUS client and the RADIUS authentication/accounting server use |
Authentication Key | MD5 to encrypt RADIUS packets. They verify packets through the specified |
shared key. The client and the server can receive and respond to packets | |
Confirm Authentication Key | from each other only when they use the same shared key. |
Accounting Key | IMPORTANT: |
Confirm Accounting Key | • The shared keys configured on the device must be consistent with those |
| configured on the RADIUS servers. |
| • The shared keys configured in the common configuration part are used |
| only when no corresponding shared keys are configured in the RADIUS |
| server configuration part. |
|
|
| Set the time the device keeps an unreachable RADIUS server in blocked |
| state. |
| If you set the quiet time to 0, when the device needs to send an authentication |
| or accounting request but finds that the current server is unreachable, it does |
| not change the server's status that it maintains. It simply sends the request to |
| the next server in the active state. As a result, when the device needs to send |
Quiet Time | a request of the same type for another user, it still tries to send the request to |
| the server because the server is in the active state. |
| You can use this parameter to control whether the device changes the status |
| of an unreachable server. For example, if you determine that the primary |
| server is unreachable because the device's port for connecting the server is |
| out of service temporarily or the server is busy, you can set the time to 0 so |
| that the device uses the primary server as much. |
|
|
| Set the RADIUS server response timeout time. |
Server Response Timeout Time | If the device sends a RADIUS request to a RADIUS server but receives no |
response in the specified server response timeout time, it retransmits the | |
| request. Setting a proper value according to the network conditions helps in |
| improving the system performance. |
|
|
371