F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
252
481BConfiguring HWTACACS parameters
1. Select User > HWTACACS > Parameter Configuration from the navigation tree.
Figure 157 HWTACACS parameter configuration
2. Configure HWTACACS parameters, as described in 780HTable 58.
3. Click Apply.
Table 58 Configuration items
Confi
g
uration item Descri
p
tion
NAS-IP
Enter the source IP address of HWTACACS packets sent to the HWTACACS
server.
Upon receiving an HWTACACS packet, the HWTACACS server checks
whether the source IP address of the packet is the IP address of any managed
NAS. If yes, the server processes the packet. If not, the server drops the packet.
Usually, the source address of an outgoing HWTACACS packet is the IP address
of the egress interface in the route entry that the packet matches. In some special
scenarios, however, you must change the source IP address. For example, if a
NAT device is present between the NAS and the HWTACACS server, the source
IP address of outgoing HWTACACS packets must be the translated public IP
address. If the NAS is configured with VRRP for stateful failover, the source IP
address of HWTACACS packets can be the virtual IP address of the VRRP group
to which the uplink belongs.
Realtime-Accounting
Interval
Set the real-time accounting interval, which must be a multiple of 3.
This parameter defines the interval at which the device sends real-time
accounting updates to the HWTACACS accounting server for online users to
implement real-time accounting.
If you leave this field blank, the real-time accounting interval is restored to the
default value.
IMPORTANT:
Consider the performance of the NAS and the HWTACACS server when you set
the real-time accounting interval. A short interval requires higher performance.
Use a longer interval when there are more than 1000 users. For information about
recommended real-time accounting interval settings, see "
781HConfiguration
guidelines."