HP 5120 EI Switch Series Configuration Manual page 43

To do...
Enable the device to buffer
stop-accounting requests
getting no responses
Set the maximum number of
stop-accounting request
transmission attempts
NOTE:

If both the primary and secondary accounting servers are specified, the secondary server is used when the
primary server is not reachable.

If redundancy is not required, specify only the primary HWTACACS accounting server.

The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the
configuration will fail.

You can remove an accounting server only when no active TCP connection for sending accounting packets is
using it.

HWTACACS does not support keeping accounts on FTP users.
Setting the shared keys for HWTACACS packets
The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged
between them and use shared keys to verify the packets. Only when they use the same key for an
exchanged packet can they receive the packets and make responses properly.
Follow these steps to set the shared keys for HWTACACS packets:
To do...
Enter system view
Enter HWTACACS scheme view
Set the shared keys for
HWTACACS authentication,
authorization, and accounting
packets
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the device to determine which users belong to which ISP
domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain
name. In this case, the device must remove the domain name of each username before sending the
username. You can set the username format on the device for this purpose.
The device periodically sends accounting updates to HWTACACS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the device are consistent with those configured on the HWTACACS servers.
Follow these steps to set the username format and the traffic statistics units for an HWTACACS scheme:
To do...
Enter system view
Use the command...
stop-accounting-buffer enable
retry stop-accounting retry-times
Use the command...
system-view
hwtacacs scheme hwtacacs-scheme-
name
key { accounting | authentication |
authorization } string
Use the command...
system-view
33
Remarks
Optional
Enabled by default
Optional
100 by default
Remarks
—
—
Required
No shared key by default
Remarks
—