HP VPN Firewall Appliances Access Control Configuration Guide
checking any primary server first and then the secondary servers in the order they are
configured.
  ○ When the primary server and all secondary servers are in the blocked state, the device
    communicates with the primary server. If the primary server is available, its status changes to
    active. Otherwise, its status remains blocked.
  ○ If one server is in the active state but all the others are in the blocked state, the device only tries
    to communicate with the server in the active state, even if the server is unavailable.
  ○ After receiving an authentication/accounting response from a server, the device changes the
    status of the server identified by the source IP address of the response to active if the current
    status of the server is blocked.
• Set a correct real-time accounting interval based on the number of users.
Table 51 Recommended real-time accounting intervals
Number of users    Real-time accounting interval (in minutes)
1 to 99            3
100 to 499         6
500 to 999         12
≥1000              ≥15
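The server status rules listed above, modeled as an added example (not code from this guide or from the device). It assumes the primary-first, configured-order search applies among servers in the active state; the names Server, candidates, on_response, send_request and make_servers, the reachable set and the 192.0.2.x addresses are constructed for illustration, and statuses are set directly because the rule that moves a server to blocked is not shown on this page.

```python
from dataclasses import dataclass

ACTIVE, BLOCKED = "active", "blocked"

@dataclass
class Server:
    ip: str                 # constructed sample address (192.0.2.0/24 is documentation space)
    primary: bool = False
    status: str = BLOCKED

def candidates(servers):
    """Servers the device will try, in order, for the next request."""
    # Primary first, then secondaries in configured order (sorted() is stable).
    ordered = sorted(servers, key=lambda s: not s.primary)
    active = [s for s in ordered if s.status == ACTIVE]
    if active:
        # Blocked servers are skipped, so a lone active server is the only
        # one tried, even when it is actually unavailable.
        return active
    # Every server is blocked: the device falls back to the primary only.
    return [s for s in ordered if s.primary]

def on_response(servers, source_ip):
    """A response from a blocked server, matched by source IP, marks it active."""
    for s in servers:
        if s.ip == source_ip and s.status == BLOCKED:
            s.status = ACTIVE

def send_request(servers, reachable):
    """Try each candidate; `reachable` (hypothetical) is the set of IPs that answer."""
    tried = []
    for s in candidates(servers):
        tried.append(s.ip)
        if s.ip in reachable:
            on_response(servers, s.ip)
            return s.ip, tried
    return None, tried

def make_servers(*statuses):
    """Build a primary and two secondaries with the given statuses (constructed data)."""
    ips = ("192.0.2.1", "192.0.2.2", "192.0.2.3")
    return [Server(ip, i == 0, st) for i, (ip, st) in enumerate(zip(ips, statuses))]

if __name__ == "__main__":
    pool = make_servers(BLOCKED, ACTIVE, BLOCKED)
    # Only the active secondary is tried, although the primary would answer.
    print(send_request(pool, reachable={"192.0.2.1"}))
```

The sample run illustrates the availability consequence of the second rule: requests fail while a reachable primary sits in the blocked state, so server status is worth monitoring alongside reachability.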
Configuring HWTACACS schemes
Recommended configuration procedure
Step                        Remarks
1. Creating the HWTACACS    Required.
   scheme named system      Create the HWTACACS scheme system.
                            By default, no HWTACACS scheme exists.
2. Configuring HWTACACS     Required.
   authentication servers   Specify the primary and the secondary HWTACACS authentication
                            servers for the HWTACACS scheme system. When the primary server
                            is not available, the secondary server is used. If no redundancy
                            is needed, specify only the primary server. For more information
                            about the configuration procedure, see "Configuring HWTACACS
                            servers."
                            By default, no HWTACACS authentication server is specified.
3. Configuring HWTACACS     Required.
   authorization servers    Specify the primary and the secondary HWTACACS authorization
                            servers for the HWTACACS scheme system. When the primary server
                            is not available, the secondary server is used. If no redundancy
                            is needed, specify only the primary server. For more information
                            about the configuration procedure, see "Configuring HWTACACS
                            servers."
                            By default, no HWTACACS authorization server is specified.