z

z

You are not allowed to configure the same IP address for both primary and secondary authorization servers. If you do this, the system will prompt that the configuration fails.

You can remove a server only when it is not used by any active TCP connection for sending authorization messages.

Configuring TACACS Accounting Servers

Follow these steps to configure TACACS accounting servers:

 

To do…

Use the command…

Remarks

 

 

Enter system view

system-view

 

 

 

 

 

 

 

Create a HWTACACS scheme

hwtacacs scheme

Required

 

 

By default, no HWTACACS

 

 

and enter its view

hwtacacs-scheme-name

 

 

scheme exists.

 

 

 

 

 

 

 

 

 

 

 

 

 

Required

 

 

Set the IP address and port

primary accounting

By default, the IP address of

 

 

number of the primary

the primary accounting server

 

 

ip-address [ port ]

 

 

TACACS accounting server

is 0.0.0.0, and the port number

 

 

 

 

 

 

 

is 0.

 

 

 

 

 

 

 

 

 

Required

 

 

Set the IP address and port

secondary accounting

By default, the IP address of

 

 

number of the secondary

the secondary accounting

 

 

ip-address [ port ]

 

 

TACACS accounting server

server is 0.0.0.0, and the port

 

 

 

 

 

 

 

number is 0.

 

 

 

 

 

 

 

Enable the stop-accounting

 

Optional

 

 

 

By default, the stop-accounting

 

 

message retransmission

 

 

 

 

messages retransmission

 

 

function and set the maximum

retry stop-accounting

 

 

function is enabled and the

 

 

number of transmission

retry-times

 

 

system can transmit a buffered

 

 

attempts of a buffered

 

 

 

 

stop-accounting request for

 

 

stop-accounting message

 

 

 

 

100 times.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

z

z

You are not allowed to configure the same IP address for both primary and secondary accounting servers. If you do this, the system will prompt that the configuration fails.

You can remove a server only when it is not used by any active TCP connection for sending accounting messages.

Configuring Shared Keys for HWTACACS Messages

When using a TACACS server as an AAA server, you can set a key to improve the communication security between the device and the TACACS server.

2-22

Page 281
Image 281
3Com WX3000 operation manual Configuring Tacacs Accounting Servers, Configuring Shared Keys for Hwtacacs Messages