beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 79

background image

68

stop-accounting request until it receives a response or the number of stop-accounting attempts reaches

the configured limit. In the latter case, the device discards the packet.
An HWTACACS server can function as the primary accounting server of one scheme and as the

secondary accounting server of another scheme at the same time. You cannot specify the same IP

address as both the primary and the secondary accounting servers in a scheme.
HWTACACS does not support accounting for FTP users.
To specify HWTACACS accounting servers and set relevant parameters for an HWTACACS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme
hwtacacs-scheme-name

N/A

3.

Specify HWTACACS
accounting servers.

Specify the primary HWTACACS

accounting server:

primary accounting ip-address
[ port-number | vpn-instance

vpn-instance-name ] *

Specify the secondary

HWTACACS accounting server:

secondary accounting ip-address

[ port-number | vpn-instance
vpn-instance-name ] *

Configure at least one command.
No accounting server is specified
by default.

4.

Enable buffering of

stop-accounting requests to

which no responses are
received.

stop-accounting-buffer enable

Optional.
Enabled by default.

5.

Set the maximum number of

stop-accounting attempts.

retry stop-accounting retry-times

Optional.
The default setting is 100.

You can remove an accounting server only when no active TCP connection for sending accounting

packets is using it.

Specifying the shared keys for secure HWTACACS communication

The HWTACACS client and HWTACACS server use the MD5 algorithm and a shared key pair for

password encryption.
To specify a shared key for secure HWTACACS communication:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme
hwtacacs-scheme-name

N/A

3.

Specify a shared key for
secure HWTACACS

authentication, authorization,

or accounting
communication.

key { accounting | authentication |
authorization } [ cipher | simple ]

key

By default, no shared key is
specified.
The shared key configured on the
device must be the same as that

configured on the HWTACACS

server.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: