Configuring Aaa Methods For Isp Domains - HP FlexFabric 5930 Series Security Configuration Manual

Hide thumbs Also See for FlexFabric 5930 Series:

Configuration manuals (467 pages)

Command reference manual (87 pages)

Installation manual (73 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

Table of Contents

If the quiet timer of a server expires, the status of the server changes back to active, but the device

does not check the server again during the authentication or accounting process.

If no server is found reachable during one search process, the device considers the authentication

or accounting attempt a failure.

If you remove an authentication or accounting server in use, the communication of the device with

•

the server soon times out, and the device looks for a server in active state by first checking the

primary server and then secondary servers in the order they are configured.

When the primary server and secondary servers are all in blocked state, the device does not

•

communicate with any server.

•

If one server is in active state and all the others are in blocked state, the device tries to communicate

with the server in active state only, even if the server is unavailable.

If the status of an HWTACACS server changes automatically, the device changes the status of this

•

server accordingly in all HWTACACS schemes in which this server is specified.

To set HWTACACS timers:

Step

Enter system view.

Enter HWTACACS scheme

view.

Set the HWTACACS server

response timeout timer.

Set the real-time accounting

interval.

Set the server quiet timer.

Displaying and maintaining HWTACACS

Execute the display command in any view and the reset command in user view.

Task

Display the configuration or server

statistics of HWTACACS schemes.

Clear HWTACACS statistics.

Configuring AAA methods for ISP domains

You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain

view. Each ISP domain has a set of system-defined AAA methods, which are local authentication, local

Command

system-view

hwtacacs scheme

hwtacacs-scheme-name

timer response-timeout seconds

timer realtime-accounting minutes

timer quiet minutes

Command

display hwtacacs scheme [ hwtacacs-server-name [ statistics ]

reset hwtacacs statistics { accounting | all | authentication |

authorization }

Remarks

N/A

By default, the HWTACACS server

response timeout timer is 5

seconds.

By default, the real-time accounting

interval is 12 minutes.

A short interval helps improve

accounting precision but requires

many system resources. When

there are 1000 or more users, set a

longer interval.

By default, the server quiet timer is

5 minutes.

Table of Contents

Configuring Aaa Methods For Isp Domains - HP FlexFabric 5930 Series Security Configuration Manual

Configuring AAA methods for ISP domains

Troubleshooting

Related Manuals for HP FlexFabric 5930 Series

Related Content for HP FlexFabric 5930 Series

Table of Contents