3Com Switch 8800 Family Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

251

252

253

254

255

256

257

258

259

260

258 CHAPTER 26: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION

If only authentication and accounting servers are configured and no authorization

server is configured, both authentication and accounting can be performed

normally for the FTP, Telnet, and SSH users, but the priority of these users is 0 (that

is, the lowest privilege level) by default,

The primary and secondary authorization servers cannot use the same IP address.

The default port number is 49.

If you execute this command repeatedly, the new settings will replace the old

settings.

Configuring HWTACACS

Accounting Servers and

the Related Attributes

Configuring HWTACACS accounting servers

Perform the following configuration in HWTACACS view.

Do not configure the same IP address for the primary accounting server and the

secondary accounting server. Otherwise, an error occurs.

By default, a TACACS accounting server uses an all-zero IP address and port 49.

If you execute the primary accounting or secondary accounting command

repeatedly, the newly configured settings overwrite the corresponding existing

settings.

You can delete a TACACS scheme only when no Active TCP connection used to

send authentication packets uses the server.

Enabling stop-accounting packet retransmission

Perform the following configuration in HWTACACS view.

By default, stop-accounting packet retransmission is enabled, and the maximum

number of transmission attempts is 300.

Tabl e 232 Configure HWTACACS accounting servers

Operation Command

Configure the primary TACACS accounting

server

primary accounting ip-address [

port-number ]

Delete the primary TACACS accounting server undo primary accounting

Configure the secondary TACACS accounting

server

secondary accounting ip-address [

port-number ]

Delete the secondary TACACS accounting

server

undo secondary accounting

Tabl e 233 Configure stop-accounting packet retransmission

Operation Command

Enable stop-accounting packet retransmission

and set the allowed maximum number of

transmission attempts

retry stop-accounting retry-times

Disable stop-accounting packet retransmission undo retry stop-accounting

Clear the stop-accounting request packets

that have no response

reset stop-accounting-buffer

hwtacacs-scheme hwtacacs-scheme-name