The following additional variables are preinstalled and used to control the RADIUS client protocol; they are pre-ENABLED and generally need not be altered.
The requestor logic avoids contacting an unresponsive server for this many seconds:
edit> vars print PRG=auth PRG="auth" NAME="RADIUSHolddown" ENABLED VALUE="300" DESCRIPTION="seconds to ignore a non-responsive RADIUS server" |
The requestor logic makes this many passes through the server list before giving up:
PRG="auth" NAME="RADIUSRetryPasses" ENABLED VALUE="3" DESCRIPTION="how many times to try each RADIUS server" |
The name of the RADIUS server port, as given in the Service registry:
PRG="auth" NAME="RADIUSService" ENABLED VALUE="radius" DESCRIPTION="RADIUS service / port # at which to query server(s)" |
The amount of time to wait for each response before sending another attempt:
PRG="auth" NAME="RADIUSTimeout" ENABLED VALUE="5" DESCRIPTION="seconds to await each RADIUS server response" |
The requestor logic attempts to contact only servers that have not been held down during the first pass; subsequent passes contact each server regardless of previous nonresponsiveness. During the first pass, each server is contacted twice in a row before moving onto the next one. During subsequent passes, each server is only contacted once; a rough upper-bound on the overall time for total failure for all servers is:
# servers TIMES (#passes + 1) TIMES timeout |
This is an upper-bound because of the way the first pass avoids recently unresponsive servers; a lower-bound would be:
# servers TIMES (#passes - 1) TIMES timeout |
So, for example, with two servers configured and using the default time-outs, the overall failure time-out would be less than 2 x (3 + 1) x 5 = 40 seconds, and greater than 2 x (3 - 1) x 5 = 20 seconds