Hwtacacs Configuration Task List; Creating A Hwtacacs Scheme - H3C S5600 Series Operation Manual

The switch can automatically generate the main attributes (NAS-ID, NAS-IP-address and session ID)
contained in Accounting-On messages. However, you can also manually configure the
NAS-IP-address with the nas-ip command. If you choose to manually configure the attribute, be sure to
configure an appropriate valid IP address. If this attribute is not configured, the switch will automatically
choose the IP address of a VLAN interface as the NAS-IP-address.
Follow these steps to enable the user re-authentication at restart function:
To do...
Enter system view
Enter RADIUS scheme view
Enable the user
re-authentication at restart
function

HWTACACS Configuration Task List

Complete the following tasks to configure HWTACACS:
Configuring the
TACACS client
Configuring the
TACACS server

Creating a HWTACACS Scheme

The HWTACACS protocol configuration is performed on a scheme basis. Therefore, you must create a
HWTACACS scheme and enter HWTACACS view before performing other configuration tasks.
Follow these steps to create a HWTACACS scheme:
To do...
Enter system view
Use the command...
system-view
radius scheme
radius-scheme-name
accounting-on enable [ send
times | interval interval ]
Task
Creating a HWTACACS Scheme
Configuring TACACS Authentication Servers
Configuring TACACS Authorization Servers
Configuring TACACS Accounting Servers
Configuring Shared Keys for RADIUS Messages
Configuring the Attributes of Data to be Sent to TACACS Servers
Configuring the Timers Regarding TACACS Servers
Refer to the configuration of TACACS servers.
Use the command...
system-view
2-23
Remarks
—
—
By default, this function is disabled.
If you use this command without any
parameter, the system will try at most
15 times to send an Accounting-On
message at the interval of three
seconds.
Required
Required
Required
Optional
Optional
Optional
Optional
—
Remarks
—
Remarks