H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 53

39
NOTE:
•
An HWTACACS server can function as the primary accounting server of one scheme and as the
secondary accounting server of another scheme at the same time.
•
The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the
configuration fails.
•
You can remove an accounting server only when no active TCP connection for sending accounting
packets is using it.
•
HWTACACS does not support accounting for FTP users.
Specifying the shared keys for authenticating HWTACACS packets
The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged
between them and use shared keys to authenticate the packets. They must use the same shared key for the
same type of packets.
To specify the shared keys for authenticating HWTACACS packets:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3.
Specify the shared keys for
authenticating HWTACACS
authentication, authorization,
and accounting packets.
key { accounting | authentication |
authorization } key
No shared key by default.
NOTE:
A shared key configured on the device must be the same as that configured on the HWTACACS server.
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the device to determine which users belong to which ISP
domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain
name. In this case, the device must remove the domain name of each username before sending the
username. You can set the username format on the device for this purpose.
The device periodically sends accounting updates to HWTACACS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure the unit for data flows and
that for packets on the device are consistent with those configured on the HWTACACS servers.
To set the username format and the traffic statistics units for an HWTACACS scheme:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3.
Set the format of usernames
sent to the HWTACACS
servers.
user-name-format { keep-original |
with-domain | without-domain }
Optional.
By default, the ISP domain name
is included in a username.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000