3com 5500-ei pwr Installation Instruction

 

2-23 

Follow these steps to configure TACACS accounting servers: 

Enter system view 

— 

Create a HWTACACS scheme 
and enter its view 

hwtacacs scheme 
hwtacacs-scheme-name 

Required 

By default, no HWTACACS 
scheme exists. 

Set the IP address and port 
number of the primary 
TACACS accounting server 

primary accounting 
ip-address [ port ] 

Required 

By default, the IP address of 
the primary accounting server 
is 0.0.0.0, and the port number 
is 0. 

Set the IP address and port 
number of the secondary 
TACACS accounting server 

secondary accounting 
ip-address [ port ] 

Required 

By default, the IP address of 
the secondary accounting 
server is 0.0.0.0, and the port 
number is 0. 

Enable the stop-accounting 
message retransmission 
function and set the maximum 
number of transmission 
attempts of a buffered 
stop-accounting message 

retry stop-accounting 
retry-times 

Optional 

By default, the stop-accounting 
messages retransmission 
function is enabled and the 
system can transmit a buffered 
stop-accounting request for 
100 times. 

 

z 

You are not allowed to configure the same IP address for both primary and secondary accounting 

servers. If you do this, the system will prompt that the configuration fails. 

z 

You can remove a server only when it is not used by any active TCP connection for sending 

accounting messages. 

 

When using a TACACS server as an AAA server, you can set a key to improve the communication 

security between the switch and the TACACS server. 

The TACACS client and server adopt MD5 algorithm to encrypt HWTACACS messages before they are 

exchanged between the two parties. The two parties verify the validity of the HWTACACS messages 

received from each other by using the shared keys that have been set on them, and can accept and 

respond to the messages only when both parties have the same shared key. 

Follow these steps to configure shared keys for HWTACACS messages: 

Enter system view 

—