35
NOTE:
• An HWTACACS server can function as the primary authorization server of one scheme and as the
secondary authorization server of another scheme at the same time.
• The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise,
the configuration fails.
• You can remove an authorization server only when no active TCP connection for sendin
authorization
packets is using it.
Specifying the HWTACACS accounting servers and the relevant parameters
You can specify one primary accounting server and up to one secondary accounting server for an
HWTACACS scheme. When the primary server is not available, the secondary server is used, if any. In
a scenario where redundancy is not required, specify only the primary server.
When the switch receives a connection teardown request from a host or a connection teardown
command from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these steps to specify HWTACACS accounting servers and set relevant parameters for an
HWTACACS scheme:
To do… Use the command… Remarks
Enter system view system-view —
Enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
—
Specify the primary HWTACACS
accounting server
primary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
Required
Configure at least one command.
No accounting server is specified
by default.
Specify the secondary
HWTACACS accounting server
secondary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
Enable buffering of
stop-accounting requests to which
no responses are received
stop-accounting-buffer enable
Optional
Enabled by default
Set the maximum number of
stop-accounting attempts
retry stop-accounting retry-times
Optional
100 by default
NOTE:
• An HWTACACS server can function as the primary accounting server of one scheme and as the
secondary accounting server of another scheme at the same time.
• The IP addresses of the primary and secondary accountin
servers cannot be the same. Otherwise, the
configuration fails.
• You can remove an accounting server only when no active TCP connection for sending accounting
packets is using it.
• HWTACACS does not support accounting for FTP users.
To Next Page
Loading...
Need help?
General