R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
174
Troubleshooting HWTACACS
Similar to RADIUS troubleshooting. See ”Troubleshooting RADIUS.”
Configuration guidelines
Configure the RADIUS client note the following guidelines
• When you modify the parameters of the RADIUS scheme, the system does not check whether the
scheme is being used by users.
• After accounting starts, update-accounting and stop-accounting packets will be sent to the
designated server, and no primary/secondary server switchover will take place even if the
designated server fails. Such a switchover can take place only during AAA session establishment.
• If an AAA server has active TCP connections, it cannot be removed.
• RADIUS does not support accounting for FTP users.
• If the HP IMC server is used as the RADIUS server, it is necessary to configure accounting as
optional for users in the ISP domain because the IMC server does not respond to accounting
packets.
Configuring the HWTACACS client note the following
guidelines
• When you modify the parameters of the HWTACACS scheme, the system does not check whether
the scheme is being used by users.
• HWTACACS authentication must work with HWTACACS authorization. If only HWTACACS
authentication is configured but HWTACACS authorization is not, users cannot log in.
• A primary server/secondary server switchover can take place only during AAA session
establishment. After accounting starts, update-accounting and stop-accounting packets will be sent
to the designated server, and no primary/secondary server switchover will take place even if the
designated server fails.
• If an AAA server has active TCP connections, the server cannot be removed.
• HWTACACS does not support accounting for FTP users.