1-35
z For real-time accounting, a NAS must transmit the accounting information of online users to the
HWTACACS accounting server periodically. Note that if the device does not receive any response
to the information, it does not disconnect the online users forcibly
z The real-time accounting interval must be a multiple of 3.
z The setting of the real-time accounting interval somewhat depends on the performance of the
NAS and the HWTACACS server: a shorter interval requires higher performance.
Displaying and Maintaining HWTACACS
To do… Use the command… Remarks
Display configuration information
or statistics of the specified or all
HWTACACS schemes
display hwtacacs
[ hwtacacs-server-name
[ statistics ] ] [ slot slot-number ]
Available in any view
Display information about
buffered stop-accounting
requests that get no responses
display stop-accounting-buffer
hwtacacs-scheme
hwtacacs-scheme-name [ slot
slot-number ]
Available in any view
Clear HWTACACS statistics
reset hwtacacs statistics
{ accounting | all | authentication
| authorization } [ slot
slot-number ]
Available in user view
Clear buffered stop-accounting
requests that get no responses
reset stop-accounting-buffer
hwtacacs-scheme
hwtacacs-scheme-name [ slot
slot-number ]
Available in user view
AAA Configuration Examples
AAA for Telnet Users by a HWTACACS Server
Network requirements
As shown in Figure 1-7, configure the switch to use the HWTACACS server to provide authentication,
authorization, and accounting services to login users.
z The HWTACACS server is used for authentication, authentication, and accounting. Its IP address
is 10.1.1.1.
z On the switch, set the shared keys for authentication, authorization, and accounting packets to
expert. Configure the switch to remove the domain name from a user name before sending the
user name to the HWTACACS server.
z On the HWTACACS server, set the shared keys for packets exchanged with the switch to expert.
To Next Page
Loading...
