Configuring The Attributes For Data To Be Sent To Tacacs Servers - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches

1.5.6 Configuring the Attributes for Data to be Sent to TACACS Servers

Table 1-28 Configure the attributes for data to be sent to TACACS servers
Enter system view
Create a HWTACACS
scheme and enter its view
Set the format of the user
names to be sent to
TACACS servers
Set the units of measure
for data flows sent to
TACACS servers
Set the source IP address
used by the switch to send
HWTACACS packets
Caution:
Generally, the access users are named in the userid@isp-name format. isp-name
behind the @ character represents the ISP domain name. If the TACACS server does
not accept the user name carrying ISP domain name, it is necessary to remove the
domain name from the user names before they are sent to the TACACS server.
To do...
system-view
hwtacacs scheme
hwtacacs-scheme-name
user-name-format
{ with-domain |
without-domain }
data-flow-format data
{ byte | giga-byte |
kilo-byte | mega-byte }
data-flow-format packet
{ giga-packet |
kilo-packet |
mega-packet |
one-packet }
HWTACACS view
nas-ip ip-address
System view
hwtacacs nas-ip
ip-address
Chapter 1 AAA & RADIUS & HWTACACS
Use the command...
1-37
Configuration
Remarks
—
Required
By default, no
HWTACACS scheme
exists.
Optional
By default, the user
names sent from the
switch to TACACS
servers carry ISP domain
names.
Optional
By default, in a TACACS
scheme, the unit of
measure for data is byte
and that for packets is
one-packet.
Optional
By default, no source IP
address is specified; the
IP address of the
outbound interface is
used as the source IP
address.