HP 3600 v2 Series Security Configuration Manual page 46
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
NOTE:
An HWTACACS server can function as the primary authorization server of one scheme and as the
•
secondary authorization server of another scheme at the same time.
•
The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise,
the configuration fails.
You can remove an authorization server only when no active TCP connection for sending authorization
•
packets is using it.
Specifying the HWTACACS accounting servers and the relevant parameters
You can specify one primary accounting server and up to one secondary accounting server for an
HWTACACS scheme. When the primary server is not available, the secondary server is used, if any. In
a scenario where redundancy is not required, specify only the primary server.
When the switch receives a connection teardown request from a host or a connection teardown
command from an administrator, it sends a stop-accounting request to the accounting server. You can
enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a
stop-accounting request until it receives a response or the number of stop-accounting attempts reaches
the configured limit. In the latter case, the switch discards the packet.
Follow these steps to specify HWTACACS accounting servers and set relevant parameters for an
HWTACACS scheme:
To do...
Enter system view
Enter HWTACACS scheme view
Specify the primary HWTACACS
accounting server
Specify the secondary
HWTACACS accounting server
Enable buffering of
stop-accounting requests to which
no responses are received
Set the maximum number of
stop-accounting attempts
NOTE:
•
An HWTACACS server can function as the primary accounting server of one scheme and as the
secondary accounting server of another scheme at the same time.
The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the
•
configuration fails.
You can remove an accounting server only when no active TCP connection for sending accounting
•
packets is using it.
HWTACACS does not support accounting for FTP users.
•
Use the command...
system-view
hwtacacs scheme
hwtacacs-scheme-name
primary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
secondary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
stop-accounting-buffer enable
retry stop-accounting retry-times
35
Remarks
—
—
Required
Configure at least one command.
No accounting server is specified
by default.
Optional
Enabled by default
Optional
100 by default
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
