42
You can specify the source IP address for outgoing HWTACACS packets in HWTACACS scheme
view for a specific HWTACACS scheme, or in system view for all HWTACACS schemes whose
servers are in a VPN or the public network.
Before sending an HWTACACS packet, the NAS selects a source IP address in the following order:
1. The source IP address specified for the HWTACACS scheme.
2. The source IP address specified in system view for the VPN or public network, depending on
where the HWTACACS server resides.
3. The IP address of the outbound interface specified by the route.
To specify a source IP address for all HWTACACS schemes of a VPN or the public network:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Specify a source IP address
for outgoing HWTACACS
packets.
hwtacacs nas-ip
ip-address
[
vpn-instance
vpn-instance-name ]
By default, the IP address of the
outbound interface is used as the
source IP address.
To specify a source IP address for a specific HWTACACS scheme:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3. Specify a source IP address
for outgoing HWTACACS
packets.
nas-ip
ip-address
By default, the IP address of the
outbound interface is used as the
source IP address.
Setting HWTACACS timers
The device uses the following timers to control the communication with an HWTACACS server:
• Server response timeout timer (response-timeout)—Defines the HWTACACS request
retransmission interval. After sending an HWTACACS request (authentication, authorization, or
accounting request), the device starts the server response timeout timer. If the device receives
no response from the server before the timer expires, it resends the request.
• Primary server quiet timer (quiet)—Defines the duration to keep an unreachable primary
server in blocked state. If a primary server is not reachable, the device changes the server's
status to blocked, starts this timer for the server, and tries to communicate with the secondary
server if the secondary server is configured and in active state. After the primary server quiet
timer expires, the device changes the status of the primary server back to active.
• Real-time accounting timer (realtime-accounting)—Defines the interval at which the device
sends real-time accounting updates to the HWTACACS accounting server for online users. To
implement real-time accounting, the device must send periodically real-time accounting
packets to the accounting server for online users.
Consider the performance of the NAS and the HWTACACS server when you set the real-time
accounting interval. A shorter interval requires higher performance.
To set HWTACACS timers:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
To Next Page
Loading...
Need help?
General
