R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
151
Task Remarks
Unit of Packets
Specify the unit for data packets sent to the TACACS server (used for
traffic accounting), which can be
• one-packet
• kilo-packet
• mega-packet
• giga-packet
If you leave the box blank, the default unit is used.
Table 52 Relationship between the real-time accounting interval and number of users
Number of users
Real-time accountin
g
interval (in minutes)
1 to 99 3
100 to 499 6
500 to 999 12
ƒ
1000
ƒ
15
Return to HWTACACS configuration task list.
HWTACACS configuration example in the web interface
Network requirements
Configure the Firewall in Figure 95 to use the HWTACACS server to provide authentication, authorization,
and accounting services for the PPP user. Set the shared keys for authentication, authorization, and
accounting packets exchanged with the HWTACACS server to expert. Configure the Firewall to remove
the domain name from a username before sending the username to the HWTACACS server.
It is assumed that the PPP username, password, and the shared key expert have been configured on the
TACACS server.
Figure 95 Network diagram for configuring HWTACACS
Configuration procedure
# Create an ISP domain, configure its AAA scheme as HWTACACS scheme named system, and
configure accounting that is optional. (Omitted).
# Configure the serial ports. (Omitted)