H3C S5510 Series Command Manual

Command Manual - AAA&RADIUS&HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration Commands
1.1 AAA Configuration Commands
1.1.1 access-limit
1.1.2 accounting default
1.1.3 accounting lan-access
1.1.4 accounting login
1.1.5 accounting optional
1.1.6 attribute
1.1.7 authentication default
1.1.8 authentication lan-access
1.1.9 authentication login
1.1.10 authorization command
1.1.11 authorization default
1.1.12 authorization lan-access
1.1.13 authorization login
1.1.14 cut connection
1.1.15 display connection
1.1.16 display domain
1.1.17 display local-user
1.1.18 domain
1.1.19 domain default
1.1.20 idle-cut
1.1.21 level
1.1.22 local-user
1.1.23 local-user password-display-mode
1.1.24 password
1.1.25 self-service-url
1.1.26 service-type
1.1.27 service-type ftp
1.1.28 state
1.2 RADIUS Configuration Commands
1.2.1 data-flow-format
1.2.2 display local-server statistics
1.2.3 display radius
1.2.4 display radius statistics
1.2.5 display stop-accounting-buffer
1.2.6 key
1.2.7 local-server

Summary of Contents for H3C S5510 Series

  • Page 1: Table Of Contents

    Table of Contents: Chapter 1 AAA & RADIUS & HWTACACS Configuration Commands; 1.1 AAA Configuration Commands; 1.1.1 access-limit; 1.1.2 accounting default; 1.1.3 accounting lan-access; 1.1.4 accounting login...
  • Page 2 Table of Contents: 1.2.8 local-server nas-ip; 1.2.9 nas-ip; 1.2.10 primary accounting; 1.2.11 primary authentication; 1.2.12 radius client; 1.2.13 radius nas-ip; 1.2.14 radius scheme; 1.2.15 radius trap...
  • Page 3 Table of Contents: 1.3.19 timer realtime-accounting; 1.3.20 timer response-timeout; 1.3.21 user-name-format...
  • Page 4: Chapter 1 AAA & RADIUS & HWTACACS Configuration Commands

    Chapter 1 AAA & RADIUS & HWTACACS Configuration Commands 1.1 AAA Configuration Commands 1.1.1 access-limit Syntax access-limit { disable | enable max-user-number }...
  • Page 5: Accounting Default

    1.1.2 accounting default Syntax accounting default radius-scheme radius-scheme-name local hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo accounting default...
  • Page 6: Accounting Lan-Access

    # In the default ISP domain named system, configure radius as the default accounting scheme named rd for all users and local as backup accounting. Note that the rd scheme must be already configured.
  • Page 7: Accounting Login

    [Sysname] domain system [Sysname-isp-system]accounting lan-access local # In the default ISP domain named system, configure radius as the accounting scheme named rd for the lan-access user and local as backup accounting. Note that the rd scheme must be already configured.
  • Page 8: Accounting Optional

    Example # In the default ISP domain named system, configure local as the accounting scheme for the login user. <Sysname>system-view System View: return to User View with Ctrl+Z.
  • Page 9: Attribute

    Parameter ip ip-address: Sets the IP address of the user. The attribute ip command for a local user only applies to H3C 802.1x clients. If you configure this command on a non-H3C client, local authentication will fail. mac mac-address: Sets the MAC address of the user. Where, mac-address is in H-H-H format.
  • Page 10: Authentication Default

    nas-ip ip-address: Sets the IP address of the remote access server port to which the user is bound. Where, ip-address is in dotted decimal notation and is 127.0.0.1 (representing this device) by default.
  • Page 11: Authentication Lan-Access

    Use the undo authentication default command to restore the default authentication scheme for all users. By default, the local authentication is used.
  • Page 12: Authentication Login

    Parameter radius-scheme-name: Name of RADIUS scheme, a string not exceeding 32 characters. local: Local authentication. none: No authentication. Description Use the authentication lan-access command to configure authentication scheme for a lan-access user.
  • Page 13 undo authentication login View ISP domain view Parameter radius-scheme-name: Name of RADIUS scheme, a string not exceeding 32 characters. hwtacacs-scheme-name: Name of HWTACACS scheme, a string not exceeding 32 characters.
  • Page 14: Authorization Command

    1.1.10 authorization command Syntax authorization command hwtacacs-scheme hwtacacs-scheme-name undo authorization command View ISP domain view Parameter hwtacacs-scheme-name: Name of a HWTACACS scheme, a string of up to 32 characters.
  • Page 15 hwtacacs-scheme-name: Name of HWTACACS scheme, a string not exceeding 32 characters. local: Local authorization. none: Direct authorization. In this case, the user passes the authentication directly, but only owns the default rights.
  • Page 16: Authorization Lan-Access

    System View: return to User View with Ctrl+Z. [Sysname] domain system [Sysname-isp-system] undo authorization default 1.1.12 authorization lan-access Syntax authorization lan-access { radius-scheme radius-scheme-name [ local ] | local |...
  • Page 17: Authorization Login

    [Sysname-isp-system] authorization lan-access radius-scheme rd local # In the default ISP domain named system, remove the authorization scheme for the lan-access user.
  • Page 18: Cut Connection

    # In the default ISP domain named system, configure radius as the authorization scheme named rd for the login user and local as backup authorization. Note that the rd scheme must be already configured.
  • Page 19: Display Connection

    ucibindex ucib-index: Cuts down the user connection with the specified connection index. Where, ucib-index ranges from 0 to 4294967295. user-name user-name: Cuts down the user connection of the specified user. Where, user-name is a character string of up to 80 characters.
  • Page 20: Display Domain

    mac mac-address: Displays the connection of the user with the specified MAC address. Where, mac-address is in dotted hexadecimal notation (in the form of H.H.H).
  • Page 21 Example # Display the configuration information about all ISP domains. <Sysname>display domain Domain = system State = Active Access-limit = Disable Accounting method = Required...
  • Page 22: Display Local-User

    1.1.17 display local-user Syntax display local-user [ domain isp-name | idle-cut { disable | enable } | vlan vlan-id | service-type { lan-access | telnet | ssh | terminal | ftp } | state { active | block } |...
  • Page 23: Domain

    <Sysname> display local-user The contents of local user user1: State: Active ServiceType: lan-access/telnet Idle-cut: Disable Access-limit: Disable Current AccessNum: 0 Bind location:...
  • Page 24: Domain Default

    undo domain isp-name View System view Parameter isp-name: Name of an ISP domain, a character string of 1 to 24 characters (case-insensitive).
  • Page 25: Idle-Cut

    Description Use the domain default command to configure the default ISP domain manually. The default ISP domain is "system". Note that: There is one and only one default ISP domain.
  • Page 26: Level

    Example # Allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user template (that is, allow the user to use the idle-cut function), with the maximum idle time of 50 minutes.
  • Page 27: Local-User

    [Sysname-luser-user1] level 3 1.1.22 local-user Syntax local-user user-name undo local-user { user-name | all [ service-type { lan-access | telnet | ssh | terminal...
  • Page 28: Local-User Password-Display-Mode

    1.1.23 local-user password-display-mode Syntax local-user password-display-mode { cipher-force | auto } undo local-user password-display-mode View System view Parameter cipher-force: Adopts the forcible cipher mode so that the passwords of all local users must be displayed in cipher text.
  • Page 29: Self-Service-Url

    Parameter simple: Specifies to display passwords in simple text. cipher: Specifies to display passwords in cipher text. password: Password you want to set, a character string.
  • Page 30: Service-Type

    Parameter url-string: URL of the web page used to modify user password on the self-service server. It is a character string with 1 character to 64 characters. The string must begin with "http://", and it cannot contain the character "?".
  • Page 31: Service-Type Ftp

    undo service-type { lan-access | { telnet | ssh | terminal }* } View Local user view Parameter lan-access: Specifies that this is a LAN access user (who is generally an Ethernet access user, for example, 802.1x user).
  • Page 32: State

    Parameter ftp-directory directory: Specifies the directory of the FTP user, directory is a character string of up to 64 characters. Description Use the service-type ftp command to configure the FTP service type and accessible directories for users.
  • Page 33: RADIUS Configuration Commands

    After an ISP domain is set to the block state, except the online users, the users under this domain are not allowed to access the network.
  • Page 34: Display Local-Server Statistics

    mega-packet: Specifies to measure packets in mega-packets. one-packet: Specifies to measure packets in packets. Description Use the data-flow-format command to set the units of data flows sent to RADIUS servers.
  • Page 35: Display Radius

    Auth Receive: Auth Send: Acct Receive: Acct Send: Table 1-3 Description on the fields of the display local-server statistics command Field Description...
  • Page 36 Primary Acct IP =127.0.0.1 Port=1646 State=block Second Auth IP =0.0.0.0 Port=1812 State=block Second Acct IP =0.0.0.0 Port=1813 State=block Auth Server Encryption Key= Not configured...
  • Page 37: Display Radius Statistics

    Field / Description: Quiet-interval(min): Wait time for the primary servers to restore the active state; Username format: User name format; Data flow unit...
  • Page 38: Display Stop-Accounting-Buffer

    RADIUS received packets statistic: Code= 2,Num=1 ,Err=0 Code= 3,Num=0 ,Err=0 Code= 5,Num=1 ,Err=0 Code=11,Num=0 ,Err=0 Running statistic: RADIUS received messages statistic: Normal auth request...
  • Page 39 View Any view Parameter radius-scheme radius-scheme-name: Displays the buffered stop-accounting requests of the specified RADIUS scheme. Where, radius-scheme-name is a character string of up to 32 characters.
  • Page 40: Key

    <Sysname> display stop-accounting-buffer time-range 0:0:0-08/31/2002 23:59:59-08/31/2002 Total find 0 record(s) 1.2.6 key Syntax key { accounting | authentication } string undo key { accounting | authentication }...
  • Page 41: Local-Server

    [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] key accounting ok 1.2.7 local-server Syntax local-server nas-ip ip-address key password undo local-server nas-ip ip-address...
  • Page 42: Local-Server Nas-Ip

    when the switch serves as a RADIUS authentication server, it can support at most 16 network access servers simultaneously to provide authentication.
  • Page 43: Nas-Ip

    Related command: radius scheme, state, local-server enable Example # Set the IP address of the network access server allowed by the local RADIUS authentication server to 10.110.1.2 and the shared key to aabbcc.
  • Page 44: Primary Accounting

    Example # Set the source IP address used by the switch to send the RADIUS packets to 10.1.1.1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 45: Primary Authentication

    [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] primary accounting 10.110.1.2 1813 1.2.11 primary authentication Syntax primary authentication ip-address [ port-number ]...
  • Page 46: Radius Client

    Related command: key, radius scheme and state. Example # Set the IP address and UDP port number of the primary authentication/authorization server used by the RADIUS scheme radius1 to 10.110.1.1 and 1812.
  • Page 47: Radius Nas-Ip

    After the RADIUS client port is disabled, the sending of real-time accounting-request packets buffered fails and these packets will be removed from the buffer after the number of sending failures reaches the limit.
  • Page 48: Radius Scheme

    Related command: nas-ip. Example # Set the source IP address used by the switch to send the RADIUS packets to 129.10.10.1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 49: Radius Trap

    The undo radius scheme command cannot be used to delete the default RADIUS scheme. In addition, you cannot delete a RADIUS scheme which is being used by an online user.
  • Page 50: Reset Local-Server Statistics

    If the maximum transmission number is an odd number, "one half of the maximum transmission number" takes the value of the smallest integer that is greater than one half of the maximum transmission number.
  • Page 51: Reset Stop-Accounting-Buffer

    Description Use the reset radius statistics command to clear the statistics about the RADIUS protocol. Related command: display radius. Example # Clear the statistics about the RADIUS protocol.
  • Page 52: Retry

    Example # Delete the stop-accounting request packets buffered in the system for the user user0001@aabbcc.net. <Sysname> reset stop-accounting-buffer user-name user0001@aabbcc.net # Delete the stop-accounting request packets buffered from 0:0:0 08/31/2002 to 23:59:59 08/31/2002 in the system.
  • Page 53: Retry Realtime-Accounting

    Example # Set the maximum transmission times of RADIUS requests in the RADIUS scheme radius1 to five. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 54: Retry Stop-Accounting

    A real-time account request may be sent multiple times (set by the retry command in RADIUS scheme view) for an accounting attempt. If no response is received even after the number of transmission attempts reaches the maximum, the accounting attempt fails.
  • Page 55: Secondary Accounting

    Description Use the retry stop-accounting command to set the maximum number of stop-accounting request failures. After this number is reached, the device removes the buffered stop-accounting request packets.
  • Page 56: Secondary Authentication

    undo secondary accounting View RADIUS scheme view Parameter ip-address: IP address, in dotted decimal notation. By default, the IP address of the secondary accounting server is 0.0.0.0.
  • Page 57: Server-Type

    port-number: UDP port number, ranging from 1 to 65535. By default, the UDP port number of the secondary authentication/authorization service is 1812.
  • Page 58: State

    Use the undo server-type command to restore the default RADIUS server type supported by the switch. By default, the switch supports the standard type of RADIUS server. The type of RADIUS server in the default RADIUS scheme "system"...
  • Page 59: Stop-Accounting-Buffer Enable

    When the switch fails to communicate with the primary server due to some server trouble, the switch will actively exchange packets with the secondary server.
  • Page 60: Timer Quiet

    By default, the switch is enabled to buffer the stop-accounting requests that bring no response. Stop-accounting requests are critical to billing and will eventually affect the charges;...
  • Page 61: Timer Realtime-Accounting

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] timer quiet 10 1.2.28 timer realtime-accounting...
  • Page 62: Timer Response-Timeout

    Number of users Real-time accounting interval ≥1000 ≥15 Related command: retry realtime-accounting and radius scheme. Example # Set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
  • Page 63: User-Name-Format

    Appropriately setting the timeout time of this timer according to the network situation can improve the performance of the system. The product of the maximum RADIUS packet transmission attempts and the response timeout timer for the RADIUS server can be no more than 75 seconds.
  • Page 64: HWTACACS Configuration Commands

    user-name-format command is designed for you to specify whether or not ISP domain names are carried in the user names sent to the RADIUS server.
  • Page 65: Display Hwtacacs

    one-packet: Sets 'one-packet' as the unit of packet flow. Description Use the data-flow-format command to configure the unit of data flows sent to the TACACS server.
  • Page 66 HWTACACS-server template name : gy Primary-authentication-server : 0.0.0.0:0 Primary-authorization-server : 0.0.0.0:0 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 0.0.0.0:0 Secondary-authorization-server : 0.0.0.0:0 Secondary-accounting-server : 0.0.0.0:0 Current-authentication-server : 0.0.0.0:0...
  • Page 67: Display Stop-Accounting-Buffer

    Field / Description: key authorization: Authorization key; key accounting: Accounting key; Quiet-interval: Wait time for the primary servers to restore the active state...
  • Page 68: Hwtacacs Nas-Ip

    user-name user-name: Displays information on buffered stop-accounting requests according to the user name specified by user-name, a character string of up to 80...
  • Page 69: Hwtacacs Scheme

    The nas-ip command in HWTACACS scheme view only takes effect for the current HWTACACS scheme, while that in system view is for all HWTACACS schemes.
  • Page 70: Key

    1.3.6 key Syntax key { accounting | authentication | authorization } string undo key { accounting | authentication | authorization } View...
  • Page 71: Primary Accounting

    Parameter ip-address: Specified source IP address which cannot be an all-zero address, class D address or loopback address. Description Use the nas-ip command to specify the source address for sending HWTACACS packets.
  • Page 72: Primary Authentication

    Description Use the primary accounting command to configure a primary HWTACACS accounting server. Use the undo primary accounting command to delete the configured primary HWTACACS accounting server.
  • Page 73: Primary Authorization

    Note that: You are not allowed to assign the same IP address to both primary and secondary authentication servers; otherwise, unsuccessful operation is prompted.
  • Page 74: Reset Hwtacacs Statistics

    If you repeatedly use this command, the latest configuration overwrites the previous one. You can remove an authorization server only when it is not being used by any active TCP connections, and the removal impacts only packets forwarded afterwards.
  • Page 75: Reset Stop-Accounting-Buffer

    1.3.12 reset stop-accounting-buffer Syntax reset stop-accounting-buffer { hwtacacs-scheme hwtacacs-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name } View User view...
  • Page 76: Retry Stop-Accounting

    1.3.13 retry stop-accounting Syntax retry stop-accounting retry-times undo retry stop-accounting View HWTACACS scheme view Parameter retry-times: Maximum number of real-time stop-accounting request attempts. It is in the range 1 to 300 and defaults to 100.
  • Page 77: Secondary Authentication

    Parameter ip-address: IP address of the server, a valid unicast address in dotted decimal format. By default, the IP address of the secondary accounting server is 0.0.0.0.
  • Page 78: Secondary Authorization

    Description Use the secondary authentication command to configure a secondary HWTACACS authentication server. Use the undo secondary authentication command to delete the configured secondary authentication server.
  • Page 79: Stop-Accounting-Buffer Enable

    Note that: You are not allowed to assign the same IP address to both primary and secondary authorization servers. If you repeatedly use this command, the latest configuration overwrites the previous one.
  • Page 80: Timer Quiet

    maximum number of transmission attempts is reached (in this case, it discards the request). Related command: reset stop-accounting-buffer, hwtacacs scheme, display stop-accounting-buffer.
  • Page 81

    1.3.19 timer realtime-accounting Syntax timer realtime-accounting minutes undo timer realtime-accounting View HWTACACS scheme view Parameter minutes: Real-time accounting interval, which is a multiple of 3 in the range 3 to 60 minutes.
  • Page 82

    Example # Set the real-time accounting interval in the HWTACACS scheme “hwt1” to 51 minutes. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 83

    View HWTACACS scheme view Parameter with-domain: Specifies to send the username with a domain name to the TACACS server. without-domain: Specifies to send the username without any domain name to the TACACS server.

This manual is also suitable for:

S3610 series

Table of Contents