Configuring hwtacacs schemes in the web interface, Creating an hwtacacs scheme – H3C Technologies H3C SecPath F1000-E User Manual

194

{

After receiving an authentication/accounting response from a server, the firewall changes the

status of the server identified by the source IP address of the response to active if the current
status of the server is blocked.

•

Table 51

lists the recommended real-time accounting intervals.

Table 51 Recommended real-time accounting interval settings

Number of users

Real-time accounting interval (in minutes)

1 to 99

3

100 to 499

6

500 to 999

12

ƒ

1000

ƒ

15

Configuring HWTACACS schemes in the Web interface

NOTE:

You cannot remove the HWTACACS schemes in use or change the IP addresses of the HWTACACS
servers in use.

Table 52 HWTACACS configuration task list

Task Description

Creating an HWTACACS scheme

Required.
Create an HWTACACS scheme named system.
By default, no HWTACACS scheme exists.

Configuring HWTACACS server

Authentication server and authorization server are mandatory
and accounting server is optional.
This section describes how to specify the primary and the
secondary HWTACACS authentication/authorization and

accounting servers.
By default, no server is specified.

IMPORTANT:

If redundancy is not required, specify only the primary

HWTACACS authentication server.

Configuring HWTACACS parameters

Optional.
This section describes how to configure the parameters that are
necessary for information exchange between the firewall and

HWTACACS server.

Creating an HWTACACS scheme

1.

If the HWTACACS scheme system does not exist, select User > HWTACACS > Server

Configuration or User > HWTACACS > Parameter Configuration from the navigation tree.
A message appears, asking you to create an HWTACACS scheme first.

2.

Click Add to create an HWTACACS scheme named system.