HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

253

3. Click Apply.

Table 53 Configuration items

Confi

uration item Descri

tion

NAS-IP

Enter the source IP address of HWTACACS packets sent to the HWTACACS

server.

Upon receiving an HWTACACS packet, the HWTACACS server checks

whether the source IP address of the packet is the IP address of any managed

NAS. If yes, the server processes the packet. If not, the server drops the packet.

Usually, the source address of an outgoing HWTACACS packet is the IP address

of the egress interface in the route entry that the packet matches. In some special

scenarios, however, you must change the source IP address. For example, if a

NAT device is present between the NAS and the HWTACACS server, the source

IP address of outgoing HWTACACS packets must be the translated public IP

address. If the NAS is configured with VRRP for stateful failover, the source IP

address of HWTACACS packets can be the virtual IP address of the VRRP group

to which the uplink belongs.

Realtime-Accounting

Interval

Set the real-time accounting interval, which must be a multiple of 3.

This parameter defines the interval at which the device sends real-time

accounting updates to the HWTACACS accounting server for online users to

implement real-time accounting.

If you leave this field blank, the real-time accounting interval is restored to the

default value.

IMPORTANT:

Consider the performance of the NAS and the HWTACACS server when you set

the real-time accounting interval. A short interval requires higher performance.

Use a longer interval when there are more than 1000 users. For information about

recommended real-time accounting interval settings, see "Configuration

guid

elines."

Stop-Accounting Buffer

Enable or disable buffering stop-accounting requests without responses in the

device.

Because stop-accounting requests affect the charge to users, a NAS must make

its best effort to send every stop-accounting request to the HWTACACS

accounting servers. For each stop-accounting request getting no response in the

specified period of time, the NAS buffers and resends the packet until it receives

a response or the number of transmission retries reaches the configured limit. In

the latter case, the NAS discards the packet.

Stop-Accounting Packet

Retransmission Times

Set the maximum number of stop-accounting packet transmission attempts if no

response is received for the buffered stop-accounting packet.

If stop-accounting buffer is disabled, this value is ineffective.

If you leave this field blank, the number of retransmission times is restored to the

default value.