Configuring Attributes Related To The Data Sent To Hwtacacs Server; Specifying The Source Ip Address For Hwtacacs Packets To Be Sent - H3C S9500E Series Security Configuration Manual

Routing switches

Hide thumbs Also See for S9500E Series:

Configuration manual (459 pages)

Command reference manual (225 pages)

Installation manual (154 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

Table of Contents

Configuring attributes related to the data sent to

HWTACACS server

Follow these steps to configure the attributes related to the data sent to the HWTACACS server:

To do...

Enter system view

Enter HWTACACS scheme view

Specify the format of the username

to be sent to an HWTACACS

server

Specify the unit for data flows or

packets to be sent to an

HWTACACS server

If an HWTACACS server does not support a username with the domain name, you can configure the switch

to remove the domain name before sending the username to the server.

Specifying the source IP address for HWTACACS packets

to be sent

You can specify an IP address as the source address for HWTACACS packets to be sent on a

NAS, so that when the physical outbound interface fails, response packets from the HWTACACS

server can still arrive at the NAS.

You can specify the source IP address for HWTACACS packets to be sent in HWTACACS scheme

view for a specific HWTACACS scheme, or in system view for all HWTACACS schemes whose

servers are in a VPN or the public network.

Before sending an HWTACACS packet, a NAS selects a source IP address in this order:

The source IP address specified for the HWTACACS scheme.

The source IP address specified in system view for the VPN or public network, depending on

where the HWTACACS server resides.

The IP address of the outbound interface.

Follow these steps to specify a source IP address for all HWTACACS schemes in a VPN or the

public network:

To do...

Enter system view

Use the command...

system-view

hwtacacs scheme hwtacacs-

scheme-name

user-name-format { keep-

original | with-domain |

without-domain }

data-flow-format { data {

byte | giga-byte | kilo-

byte | mega-byte } |

packet { giga-packet | kilo-

packet | mega-packet |

one-packet } }*

Use the command...

system-view

Remarks

—

Optional

By default, the ISP domain name

is included in the username.

Optional

The defaults are as follows:

byte for data flows, and

one-packet for data packets.

Remarks

—

Table of Contents

Configuring Attributes Related To The Data Sent To Hwtacacs Server; Specifying The Source Ip Address For Hwtacacs Packets To Be Sent - H3C S9500E Series Security Configuration Manual

Troubleshooting

Related Manuals for H3C S9500E Series

Related Content for H3C S9500E Series

Table of Contents