5 hwtacacs configuration, 1 creating a hwtacas scheme, 5 hwtacacs configuration -33 – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-33

5) If the switch does not receive any response from the CAMS after it has tried the

configured maximum number of times to send the Accounting-On message, it will
not send the Accounting-On message any more.

Note:

The switch can automatically generate the main attributes (NAS-ID, NAS-IP-address
and session ID) contained in Accounting-On messages. However, you can also
manually configure the NAS-IP-address with the nas-ip command. If you choose to
manually configure the attribute, be sure to configure an appropriate valid IP address. If
this attribute is not configured, the switch will automatically choose the IP address of a
VLAN interface as the NAS-IP-address.

Table 1-23

Enable the user re-authentication at restart function

Operation

Command

Description

Enter system view

system-view

—

Enter RADIUS scheme

view

radius scheme

radius-scheme-name

—

Enable the user

re-authentication at

restart function

accounting-on enable

[ send times | interval
interval

]

By default, this function is

disabled.
If you use this command

without any parameter, the

system will try at most 15

times to send an

Accounting-On message at

the interval of three seconds.

1.5 HWTACACS Configuration

1.5.1 Creating a HWTACAS Scheme

The HWTACACS protocol configuration is performed on a scheme basis. Therefore,
you must create a HWTACACS scheme and enter HWTACACS view before performing
other configuration tasks.