Huawei quidway s3526 series Getting Started page 650

Command Manual - Security
Quidway S3500 Series Ethernet Switches
Description
Using the accounting-on enable command, you can enable user re-authentication at
reboot. Using the undo accounting-on enable command, you can disable this
function.
Using the undo accounting-on send command, you can restore the default number
for sending Accounting-On packets.
Using the undo accounting-on interval command, you can restore the default time
interval for sending Accounting-On packets.
By default, user re-authentication at reboot is disabled.
Exclusive users are those with its concurrent online number set to 1 on the CAMS. In
the AAA solution implemented jointly by the switch and CAMS, if the switch reboots
after a user passes the authentication/authorization begins being accounted, the switch
prompts that the user has been online when the user logs into the switch before CAMS
makes online detection. Therefore, the user cannot access network resources normally.
The user can access the network only after the network administrator deletes manually
the online information of the user.
To solve this problem, user re-authentication at reboot is designed. After this function is
enabled, each time the switch reboots,
The switch generates an Accounting-On message, which mainly includes NAS-ID,
NAS-IP (source IP) and session ID;
The switch sends to CAMS an Accounting-On message;
Upon receiving the CAMS Accounting-On message, CAMS finds and deletes the
existing online information of the user based on the NAS-ID, NAS-IP (source IP)
and session ID in the Accounting-On message.
Note:
The main attributes of the Accounting-On message –– NAS-ID, NAS-IP and session
ID are often generated automatically by the switch. However, you can configure the
NAS-IP using the nas-ip command. Make sure you set a correct and valid NAS-IP
address. Otherwise, the switch automatically selects the IP address of the virtual
VLAN interface as NAS-IP.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P,
S3526E, S3526E FM, S3526E FS and S3526C support this function, and S3526,
S3526 FM and S3526 FS don't.
Example
# Enable user reauthentication at reboot.
Chapter 3 AAA & RADIUS Protocol Configuration Commands
Huawei Technologies Proprietary
3-19