Chapter 2 Configuring servers 55Nortel VPN Router Security — Servers, Authentication, and CertificatesGroup-level RADIUS authentication works only with clients that use a group IDand password. This excludes all non-IPsec client implementations. You must usethe group ID and group password to configure each client in the group for groupauthentication.Vendor-specific RADIUS attributeYou can use the vendor-specific RADIUS attribute to store VPN Router groupmembership information in a RADIUS vendor-specific attribute as well as to theclass attribute.Configuring RADIUS accountingYou can use the RADIUS accounting configuration window to specify how yourVPN Router saves RADIUS accounting results. By default, the results are storedlocally. You can also save the RADIUS accounting information to a remoteRADIUS server.To configure RADIUS accounting:1 Select Servers > Radius Acct.2 Click Enable to enable internal RADIUS accounting. Internal RADIUSaccounting is enabled by default.3 In Session Update Interval, enter an interval when a snapshot of the currentactive tunnel sessions is recorded to a journal file. Use the format, hh:mm:ss,for the interval. The journal file stores the session information until the userlogs out of the tunnel session, after which the session stop record is saved onNote: There are no separate group levels of authentication on aRADIUS configuration for the firewall user authentication (FWUA)users. Because they are only members of the global group configuration,if you have multiple RADIUS servers, you must add these users to thegroup on the VPN Router global RADIUS configuration window. Thisalso applies to PPTP and L2TP user tunnels.Note: If you set the date ahead and then set it back, external RADIUSaccounting no longer works.