H3C S5120-HI Security Configuration Manual page 61

For RADIUS or HWTACACS accounting, configure the RADIUS or HWTACACS scheme to be
1.
referenced first. The local and none accounting methods do not require a scheme.
Determine the access type or service type to be configured. With AAA, you can configure an
2.
accounting method for each access type and service type, limiting the accounting protocols that
can be used for access.
Determine whether to configure an accounting method for all access types or service types.
3.
Follow these guidelines when you configure AAA accounting methods for an ISP domain:
If you configure the accounting optional command, the limit on the number of local user
•
connections is not effective.
The accounting method specified with the accounting default command is for all types of users and
•
has a priority lower than that for a specific access type.
• If you specify the radius-scheme radius-scheme-name local or hwtacacs-scheme
hwtacacs-scheme-name local option when you configure an accounting method, local accounting
is the backup method and is used only when the remote server is not available.
If you specify only the local or none keyword in an accounting method configuration command, the
•
switch has no backup accounting method and performs only local accounting or does not perform
any accounting.
Accounting is not supported for FTP services.
•
To configure AAA accounting methods for an ISP domain:
Step
1. Enter system view.
2. Enter ISP domain view.
3. Enable the accounting
optional feature.
4. Specify the default accounting
method for all types of users.
5. Specify the command
accounting method.
6. Specify the accounting
method for LAN users.
7. Specify the accounting
method for login users.
Command
system-view
domain isp-name
accounting optional
accounting default { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
accounting command
hwtacacs-scheme
hwtacacs-scheme-name
accounting lan-access { local | none |
radius-scheme radius-scheme-name
[ local | none ] }
accounting login { hwtacacs-scheme
hwtacacs-scheme-name [ local ] | local
| none | radius-scheme
radius-scheme-name [ local ] }
44
Remarks
N/A
N/A
Optional.
Disabled by default.
With the accounting optional
feature, a switch allows users to
use network resources when no
accounting server is available
or communication with all
accounting servers fails.
Optional.
The default accounting method
is local for all types of users.
Optional.
The default accounting method
is used by default.
Optional.
The default accounting method
is used by default.
Optional.
The default accounting method
is used by default.