3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

531

532

533

534

535

536

537

538

539

540

532 CHAPTER 49: AAA & RADIUS & HWTACACS CONFIGURATION

the information contained in this packet (NAS-ID, NAS-IP address and session ID),

and ends the accounting of the users based on the last accounting update packet.

4 Once the switch receives the response from the CAMS, it stops sending other

Accounting-On packets.

5 If the switch does not receives any response from the CAMS after the number of

the Accounting-On packets it has sent reaches the configured maximum number,

it does not send any more Accounting-On packets.

The switch can automatically generate the main attributes (NAS-ID, NAS-IP

address and session ID) in the Accounting-On packets. However, you can also

manually configure the NAS-IP address with the nas-ip command. If you choose

to manually configure the attribute, be sure to configure an appropriate and legal

IP address. If this attribute is not configured, the switch will automatically use the

IP address of the VLAN interface as the NAS-IP address.

HWTACACS

Configuration

Creating a HWTACACS

Scheme

HWTACACS protocol is configured scheme by scheme. Therefore, you must create

a HWTACACS scheme and enter HWTACACS view before you perform other

configuration tasks.

CAUTION: The system supports up to 16 HWTACACS schemes. You can only

delete the schemes that are not being used.

Configuring HWTACACS

Authentication Servers

Table 417 Enable the user re-authentication upon device restart function

Operation Command Description

Enter system view system-view -

Enter RADIUS scheme

view

radius scheme

radius-scheme-name

Enable the user

re-authentication upon

device restart function

accounting-on enable

[ send times | interval

interval ]

By default, this function is disabled,

and the system can send at most 15

Accounting-On packets consecutively

at intervals of three seconds.

Table 418 Create a HWTACACS scheme

Operation Command Description

Enter system view system-view -

Create a HWTACACS

scheme and enter

HWTACACS view

hwtacacs scheme

hwtacacs-scheme-name

Required

By default, no HWTACACS

scheme exists.

Table 419 Configure HWTACACS authentication servers

Operation Command Description

Enter system view system-view -

Create a HWTACACS

scheme and enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required

By default, no HWTACACS

scheme exists.