Table of Contents
Advertisement
Operation Manual – AAA
H3C S3100 Series Ethernet Switches
2.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers
Table 2-29 Configure the attributes for data to be sent to TACACS servers
Operation
Enter system view
Create a HWTACACS
scheme and enter its
view
Set the format of the
user names to be sent
to TACACS server
Set the units of data
flows to TACACS
servers
Set the source IP
address of outgoing
HWTACACS messages
Caution:
Generally, the access users are named in the userid@isp-name or userid.isp-name
format. Where, isp-name after the "@" or "." character represents the ISP domain name.
If the TACACS server does not accept the user names that carry ISP domain names, it
is necessary to remove domain names from user names before they are sent to
TACACS server.
Command
system-view
hwtacacs scheme
hwtacacs-scheme-name
user-name-format
{ with-domain |
without-domain }
data-flow-format data
{ byte | giga-byte |
kilo-byte | mega-byte }
data-flow-format packet
{ giga-packet | kilo-packet
| mega-packet |
one-packet }
HWTACACS scheme view
nas-ip ip-address
System view
hwtacacs nas-ip
ip-address
2-29
Chapter 2 AAA Configuration
Remarks
—
Required
By default, no
HWTACACS scheme
exists.
Optional
By default, the user
names sent from the
switch to TACACS server
carry ISP domain names.
Optional
By default, in a TACACS
scheme, the data unit and
packet unit for outgoing
HWTACACS flows are
byte and one-packet
respectively.
Optional
By default, no source IP
address is set; the IP
address of the
corresponding outbound
interface is used as the
source IP address.
Advertisement
Chapters
Table of Contents
Troubleshooting
