The radius-server pending-limit command sets the maximum number of pending packets that can be sent to the RADIUS server.
The undo radius-server pending-limit command restores the default settings.
By default, the number of pending packets that can be sent to the RADIUS server is not restricted.
| Parameter | Description | Value |
|---|---|---|
| authentication |
Indicates the maximum number of pending packets that can be sent to the RADIUS authentication server. |
- |
| accounting |
Indicates the maximum number of pending packets that can be sent to the RADIUS accounting server. |
- |
| ip-address |
Specifies the IP address of a RADIUS server. |
The value is in dotted decimal notation. |
| vpn-instance vpn-instance |
Specifies the name of the VPN instance to which the RADIUS server belongs. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. |
| port_id |
Specifies the interface number of a RADIUS server. If the port value is specified, the command sets the maximum number of pending packets that the device can send to the RADIUS server with the specified interface number. If the port value is specified, the command sets the maximum number of pending packets that the device can send to all RADIUS servers. |
The value is an integer that ranges from 1 to 65535. |
| pending-limit pending-limit |
Specifies the maximum number of pending packets that can be sent to the RADIUS server. |
The value is an integer ranging from 1 to 255. |
Usage Scenario
To confirm whether each pending packet is responded to, the system allows the pending number to increase by 1 once a pending packet is sent from the NetEngine 8000 F to the RADIUS server and to decrease by 1 once a pending packet is responded to. If the RADIUS server can concurrently process only a certain number of pending packets, the radius-server pending-limit command is used to restrict the number of pending packets that are sent to the RADIUS server.
To improve the usage of RADIUS server resources on a live network, divide a RADIUS server into several logical RADIUS servers. These logical RADIUS servers share one IP address and one VPN instance and need to be differentiated using interface numbers. In this situation, you can run the radius-server speed-limit command to specify the same IP address and VPN instance name but different interface numbers for these logical RADIUS servers and the limit on the number of packets that the device can send to these logical RADIUS servers within a specified period.Configuration Impact
The larger the pending number is, the more packets the RADIUS server has to process within a certain period.
The display radius-server packet command can be used to display the number of authentication and accounting packets that are not responded to.Precautions