beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 53

background image

39

NOTE:

An HWTACACS server can function as the primary accounting server of one scheme and as the
secondary accounting server of another scheme at the same time.

The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the
configuration fails.

You can remove an accounting server only when no active TCP connection for sending accounting
packets is using it.

HWTACACS does not support accounting for FTP users.

Specifying the shared keys for authenticating HWTACACS packets

The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged

between them and use shared keys to authenticate the packets. They must use the same shared key for the

same type of packets.
To specify the shared keys for authenticating HWTACACS packets:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme

hwtacacs-scheme-name

N/A

3.

Specify the shared keys for
authenticating HWTACACS

authentication, authorization,
and accounting packets.

key { accounting | authentication |
authorization } key

No shared key by default.

NOTE:

A shared key configured on the device must be the same as that configured on the HWTACACS server.

Setting the username format and traffic statistics units

A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP

domain the user belongs to and is used by the device to determine which users belong to which ISP

domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain

name. In this case, the device must remove the domain name of each username before sending the
username. You can set the username format on the device for this purpose.
The device periodically sends accounting updates to HWTACACS accounting servers to report the traffic

statistics of online users. For normal and accurate traffic statistics, make sure the unit for data flows and

that for packets on the device are consistent with those configured on the HWTACACS servers.
To set the username format and the traffic statistics units for an HWTACACS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme
hwtacacs-scheme-name

N/A

3.

Set the format of usernames
sent to the HWTACACS

servers.

user-name-format { keep-original |
with-domain | without-domain }

Optional.
By default, the ISP domain name
is included in a username.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: