H3C Technologies H3C S12500-X Series Switches User Manual

37

If the primary server fails, the device changes the server's status to blocked, starts a quiet timer for

the server, and tries to communicate with a secondary server in active state (a secondary server
configured earlier has a higher priority).
If the secondary server is unreachable, the device changes the server's status to blocked, starts a
quiet timer for the server, and continues to check the next secondary server in active state. This

search process continues until the device finds an available secondary server or has checked all

secondary servers in active state.
If the quiet timer of a server expires, the status of the server changes back to active, but the device

does not check the server again during the authentication or accounting process.
If no server is found reachable during one search process, the device considers the authentication
or accounting attempt a failure.

•

If you remove an authentication or accounting server in use, the communication of the device with
the server soon times out, and the device looks for a server in active state by first checking the

primary server and then secondary servers in the order they are configured.

•

When the primary server and secondary servers are all in blocked state, the device does not
communicate with any server.

•

If one server is in active state and all the others are in blocked state, the device only tries to
communicate with the server in active state, even if the server is unavailable.

•

If the status of an HWTACACS server changes automatically, the device changes the status of this
server accordingly in all HWTACACS schemes in which this server is specified.

To set HWTACACS timers:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme
hwtacacs-scheme-name

N/A

3.

Set the HWTACACS server
response timeout timer.

timer response-timeout seconds

By default, the HWTACACS server
response timeout timer is 5

seconds.

4.

Set the real-time accounting
interval.

timer realtime-accounting minutes

By default, the real-time accounting
interval is 12 minutes.
A short interval helps improve
accounting precision but requires

many system resources. When
there are 1000 or more users, set a

longer interval.

5.

Set the server quiet timer.

timer quiet minutes

By default, the server quiet timer is
5 minutes.

380B

Displaying and maintaining HWTACACS

Execute the display command in any view and the reset command in user view.

Task Command

Display the configuration or server
statistics of HWTACACS schemes.

display hwtacacs scheme [ hwtacacs-server-name [ statistics ]