EasyManua.ls Logo

3Com Switch 4800G 24-Port - Page 774

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
774 CHAPTER 53: AAA/RADIUS/HWTACACS CONFIGURATION
Configuring Attributes
Related to the Data Sent
to the TACACS Server
Follow these steps to configure the attributes related to the data sent to the
HWTACACS server:
n
If a HWTACACS server does not support a username with the domain name,
you can configure the device to remove the domain name before sending the
username to the server.
The nas-ip command in HWTACACS scheme view is only for the current
HWTACACS scheme, while the hwtacacs nas-ip command in system view is
for all HWTACACS schemes. However, the nas-ip command in HWTACACS
scheme view overwrites the configuration of the hwtacacs nas-ip command.
Setting Timers
Regarding HWTACACS
Servers
Follow these steps to set timers regarding TACACS servers:
Set the shared keys for
HWTACACS authentication,
authorization, and accounting
packets
key { accounting |
authentication |
authorization } string
Required
No shared key exists by
default.
To do… Use the command… Remarks
To do… Use the command… Remarks
Enter system view system-view -
Create a HWTACACS scheme
and enter HWTACACS scheme
view
hwtacacs scheme
hwtacacs-scheme-name
Required
Not defined by default
Specify the format of the
username to be sent to a
HWTACACS server
user-name-format
{ with-domain |
without-domain }
Optional
By default, the ISP domain
name is included in the
username.
Specify the unit for data flows
or packets to be sent to a
HWTACACS server
data-flow-format { data
{ byte | giga-byte |
kilo-byte | mega-byte } |
packet { giga-packet |
kilo-packet | mega-packet |
one-packet }}*
Optional
The defaults are as follows:
byte for data flows, and
one-packet for data packets.
Set the source
IP address of
the device to
send
HWTACACS
packets
In
HWTACACS
scheme view
nas-ip ip-address Use either command
By default, the outbound port
serves as the source IP
address to send HWTACACS
packets
In system view quit
hwtacacs nas-ip ip-address
To do… Use the command… Remarks
Enter system view system-view -
Create a HWTACACS scheme
and enter HWTACACS
scheme view
hwtacacs scheme
hwtacacs-scheme-name
Required
Not defined by default
Set the TACACS server
response timeout timer
timer response-timeout
seconds
Optional
5 seconds by default
Set the quiet timer for the
primary server
timer quiet minutes Optional
5 minutes by default

Table of Contents

Related product manuals