beautypg.com

Hwtacacs configuration task list, Creating a hwtacacs scheme, Creating a hwtacacs scheme -18 – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 270

background image

25-18

5) If the device does not receive any response from the CAMS after it has tried the configured

maximum number of times to send the Accounting-On message, it will not send the Accounting-On
message any more.

The device can automatically generate the main attributes (NAS-ID, NAS-IP-address and session ID)
contained in Accounting-On messages. However, you can also manually configure the NAS-IP-address
with the nas-ip command. If you choose to manually configure the attribute, be sure to configure an
appropriate valid IP address. If this attribute is not configured, the device will automatically choose the
IP address of a VLAN interface as the NAS-IP-address.

Follow these steps to enable the user re-authentication at restart function:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter RADIUS scheme view

radius scheme

radius-scheme-name

Enable the user
re-authentication at restart
function

accounting-on enable

[ send times | interval
interval

]

By default, this function is disabled.
If you use this command without any parameter,
the system will try at most 15 times to send an
Accounting-On message at the interval of three
seconds.

HWTACACS Configuration Task List

Complete the following tasks to configure HWTACACS:

Task

Remarks

Creating a HWTACACS Scheme

Required

Configuring TACACS Authentication Servers

Required

Configuring TACACS Authorization Servers

Required

Configuring TACACS Accounting Servers

Optional

Configuring Shared Keys for RADIUS Messages

Optional

Configuring the Attributes of Data to be Sent to TACACS Servers

Optional

Configuring the
TACACS client

Configuring the Timers Regarding TACACS Servers

Optional

Configuring the
TACACS server

Refer to the configuration of TACACS servers.

Creating a HWTACACS Scheme

The HWTACACS protocol configuration is performed on a scheme basis. Therefore, you must create a
HWTACACS scheme and enter HWTACACS view before performing other configuration tasks.

See also other documents in the category H3C Technologies Routers: