Dell PowerConnect W Clearpass 100 Software 3.7 Deployment Guide - Page 412
Security Configuration
Table 48 Security Configuration Settings

| Value | Description |
|---|---|
| security.max_attributes = 200 | The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. If this number is set too low, then no RADIUS packets will be accepted. If this number is set too high, then an attacker may be able to send a small number of packets which will cause the server to use all available memory on the machine. Setting this number to 0 means "allow any number of attributes". |
| security.reject_delay = 1 | When sending an Access-Reject, it can be delayed for a few seconds. This may help slow down a DoS attack. It also helps to slow down people trying to brute-force a user's password. Setting this number to 0 means "send rejects immediately". If this number is set higher than 'cleanup_delay', then the rejects will be sent at 'cleanup_delay' time, when the request is deleted from the internal cache of requests. The range of useful values is 1 to 5. |
| security.status_server = no | Sets whether or not the server will respond to Status-Server requests. When sent a Status-Server message, the server responds with an Access-Accept packet, containing a Reply-Message attribute, which is a string describing how long the server has been running. Allowed values are no and yes. |

Proxy Configuration

Table 49 Proxy Configuration Settings

| Value | Description |
|---|---|
| proxy_requests = yes | Turns proxying of RADIUS requests on or off. The server has proxying turned on by default. If your system is not set up to proxy requests to another server, then you can turn proxying off here. This will save a small amount of resources on the server. If you have proxying turned off, and your configuration files say to proxy a request, then an error message will be logged. Allowed values: no, yes |
| proxy.synchronous = no | If the NAS re-sends the request to us, we can immediately re-send the proxy request to the end server. To do so, use 'yes' here. If this is set to 'no', then we send the retries on our own schedule, and ignore any duplicate NAS requests. If you want to have the server send proxy retries ONLY when the NAS sends its retries to the server, then set this to 'yes', and set the other proxy configuration parameters to 0 (zero). Additionally, if you want 'failover' to work, the server must manage retries and timeouts. Therefore, if this is set to yes, then no failover functionality is possible. Allowed values: no, yes |
| proxy.retry_delay = 5 | The time (in seconds) to wait for a response from the proxy, before re-sending the proxied request. If this time is set too high, then the NAS may re-send the request, or it may give up entirely, and reject the user. If it is set too low, then the RADIUS server which receives the proxy request will get kicked unnecessarily. |
| proxy.retry_count = 3 | The number of retries to send before giving up, and sending a reject message to the NAS. |

412 | Reference Amigopod 3.7 | Deployment Guide
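The caveats in Tables 48 and 49 can be checked mechanically. The following is an added example, not code from the guide or the product: a small audit over settings written as `key = value` lines. The text input format, the function names `parse_settings` and `audit`, the sample values (including `cleanup_delay = 5`), and the use of the table values 200 and 1 as defaults for missing keys are all assumptions.

```python
# Added example: audits RADIUS settings against the caveats in Tables 48 and 49.
# Input format, names, sample values and fallback defaults are assumptions.

def parse_settings(text):
    """Parse 'key = value' lines into a dict, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (key, finding) tuples for values the tables warn about."""
    findings = []
    if int(settings.get("security.max_attributes", 200)) == 0:
        findings.append(("security.max_attributes",
                         "0 allows any number of attributes (memory exhaustion)"))
    delay = int(settings.get("security.reject_delay", 1))
    if delay == 0:
        findings.append(("security.reject_delay",
                         "0 sends rejects immediately (no brute-force/DoS slowdown)"))
    elif not 1 <= delay <= 5:
        findings.append(("security.reject_delay", "outside useful range 1 to 5"))
    if "cleanup_delay" in settings and delay > int(settings["cleanup_delay"]):
        findings.append(("security.reject_delay",
                         "exceeds cleanup_delay; rejects go out at cleanup_delay"))
    if settings.get("proxy.synchronous", "no") == "yes":
        findings.append(("proxy.synchronous", "yes means no failover is possible"))
        for key in ("proxy.retry_delay", "proxy.retry_count"):
            if key in settings and int(settings[key]) != 0:
                findings.append((key, "should be 0 when proxy.synchronous = yes"))
    return findings

# Constructed sample input (not taken from a real appliance).
SAMPLE = """\
security.max_attributes = 0
security.reject_delay = 8
cleanup_delay = 5
security.status_server = no
proxy.synchronous = yes
proxy.retry_delay = 5
proxy.retry_count = 0
"""

if __name__ == "__main__":
    for key, finding in audit(parse_settings(SAMPLE)):
        print(f"{key}: {finding}")
```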