3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
48 CHAPTER 4: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
Note:
If TACACS authentication is configured for a user without a TACACS authorization
server, the user cannot log in regardless of its user type.
The primary and secondary authorization servers cannot use the same IP address.
Otherwise, the system reports that the configuration failed. The default port
number is 49.
If you execute this command repeatedly, the new settings will replace the old
settings.
You can remove a server only when it is not used by any active TCP connection
for sending authorization packets. Otherwise, the server cannot be removed.
Configuring TACACS Accounting Servers and the Related Attributes
Configuring TACACS accounting servers
Perform the following configuration in HWTACACS view.
The primary and secondary accounting servers cannot use the same IP address.
Otherwise, the system reports that the configuration failed. The default port
number is 49.
The default IP address of the TACACS accounting server is 0.0.0.0.
If you execute this command repeatedly, the new settings will replace the old
settings.
You can remove a server only when it is not used by any active TCP connection
for sending accounting packets. Otherwise, the server cannot be removed.
Enabling stop-accounting packet retransmission
Perform the following configuration in HWTACACS view.
By default, stop-accounting packet retransmission is enabled, and the allowed
maximum number of transmission attempts is 100.
Table 45 Configure TACACS accounting servers

Operation                                             Command
Configure the primary TACACS accounting server.       primary accounting ip-address [ port ]
Delete the primary TACACS accounting server.          undo primary accounting
Configure the secondary TACACS accounting server.     secondary accounting ip-address [ port ]
Delete the secondary TACACS accounting server.        undo secondary accounting
Table 46 Configure stop-accounting packet retransmission

Operation                                             Command
Enable stop-accounting packet retransmission and      retry stop-accounting retry-times
set the allowed maximum number of transmission
attempts.
Disable stop-accounting packet retransmission.        undo retry stop-accounting
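
An added example, not part of the 3Com guide: a Python pre-deployment check that reads the accounting commands planned for one HWTACACS view and applies the rules stated above (distinct primary and secondary addresses, default port 49, retransmission enabled with 100 attempts by default). The function name, the one-command-per-line input format and the sample addresses are assumptions made for illustration.

```python
import ipaddress

DEFAULT_PORT = 49       # default port number given in the guide
DEFAULT_RETRIES = 100   # default maximum stop-accounting attempts given in the guide

def audit_accounting(view_lines):
    """Audit the accounting commands of one HWTACACS view.

    Returns (settings, findings). Input format is an assumption: one command per line.
    """
    servers = {"primary": None, "secondary": None}   # None = not configured (0.0.0.0)
    retries = DEFAULT_RETRIES                        # retransmission is on by default
    findings = []
    for raw in view_lines:
        tok = raw.split()
        if len(tok) in (3, 4) and tok[0] in servers and tok[1] == "accounting":
            try:
                ip = ipaddress.IPv4Address(tok[2])
                port = int(tok[3]) if len(tok) == 4 else DEFAULT_PORT
            except ValueError:
                findings.append("unparsable line: " + raw.strip())
                continue
            servers[tok[0]] = (str(ip), port)        # a repeated command replaces the old setting
        elif len(tok) == 3 and tok[0] == "undo" and tok[1] in servers and tok[2] == "accounting":
            servers[tok[1]] = None
        elif tok == ["undo", "retry", "stop-accounting"]:
            retries = 0                              # 0 here means retransmission disabled
        elif len(tok) == 3 and tok[:2] == ["retry", "stop-accounting"] and tok[2].isdigit():
            retries = int(tok[2])
    pri, sec = servers["primary"], servers["secondary"]
    if pri is None or pri[0] == "0.0.0.0":
        findings.append("no primary accounting server configured")
    if pri and sec and pri[0] == sec[0]:
        findings.append("primary and secondary accounting servers use the same IP address")
    if retries == 0:
        findings.append("stop-accounting packet retransmission is disabled")
    return {"primary": pri, "secondary": sec, "retries": retries}, findings

# Constructed sample: the addresses are illustrative, not taken from the guide.
SAMPLE_VIEW = [
    "primary accounting 10.1.1.10",
    "secondary accounting 10.1.1.10 1049",
    "undo retry stop-accounting",
]

if __name__ == "__main__":
    settings, findings = audit_accounting(SAMPLE_VIEW)
    print(settings)
    for f in findings:
        print("FINDING:", f)
```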