Dell PowerConnect W Clearpass 100 Software 3.7 Deployment Guide - Page 410

General Configuration Table 47 General Configuration Settings Value Description max_request_time = 30 The maximum time (in seconds) to handle a request. Requests which take more time than this to process may be killed, and a REJECT message is returned. cleanup_delay = 5 The time to wait (in seconds) before cleaning up a reply which was sent to the NAS. The RADIUS request is normally cached internally for a short period of time, after the reply is sent to the NAS. The reply packet may be lost in the network, and the NAS will not see it. The NAS will then re-send the request, and the server will respond quickly with the cached reply. If this value is set too low, then duplicate requests from the NAS MAY NOT be detected, and will instead be handled as separate requests. If this value is set too high, then the server will cache too many requests, and some new requests may get blocked. (See max_requests, below) The useful range of values is 2 to 10 max_requests = 1024 The maximum number of requests which the server keeps track of. This should be 256 multiplied by the number of clients, for example, with 4 clients, this number should be 1024. If this number is too low, then when the server becomes busy, it will not respond to any new requests, until the 'cleanup_delay' time has passed, and it has removed the old requests. If this number is set too high, then the server will use a bit more memory for no real benefit. If you aren't sure what it should be set to, it's better to set it too high than too low. Setting it to 1000 per client is probably the highest it should be. The useful range of values is 256 and higher. bind_address = * Make the server listen on a particular IP address, and send replies out from that address. This directive is most useful for machines with multiple IP addresses on one interface. It can either contain "*", or an IP address, or a fully qualified Internet domain name. listen.ipaddr = not set By default, the server uses 'bind_address' to listen to all IP addresses on a machine, or just one IP. The 'port' configuration is used to select the authentication port used when listening on those addresses. If you want the server to listen on additional addresses, you can use the 'listen' section. The IP address on which to listen may be specified as a dotted-quad (1.2.3.4), hostname (radius.example.com) or as a wildcard (*). listen.port = not set Port number on which to listen. Only applies if 'listen.ipaddr' has been set. Allowed values are an integer port number (1812) or 0 to look up the port in /etc/services. listen.type = not set Type of packets to listen for. Allowed values are "auth" for authentication packets, and "acct" for accounting packets. hostname_lookups = off Log the names of clients or just their IP addresses, for example, www.examle.com (on) or 209.97.207.76 (off). The default is 'off' because it would be overall better for the net if people had to knowingly turn this feature on, as enabling it means that each client request will result in AT LEAST one lookup request to the name server. Enabling hostname_lookups will also mean that your server may stop randomly for 30 seconds from time to time, if the DNS requests take too long. Turning hostname lookups off also means that the server won't block for 30 seconds, if it sees an IP address which has no name associated with it. Allowed values are no and yes. log_stripped_names = no Log the full User-Name attribute, as it was found in the request. Allowed values are no and yes. log_auth = yes Log authentication requests to the log file. Allowed values are no and yes. log_auth_badpass = no Log incorrect passwords with the authentication requests. Allowed values are no and yes. 410 | Reference Amigopod 3.7 | Deployment Guide