3com 5500-SI Manual De Usuario
620
C
HAPTER
33: HWTACACS C
ONFIGURATION
The setting of real-time accounting interval somewhat depends on the performance
of the NAS and the TACACS server: a shorter interval requires higher device
performance. You are therefore recommended to adopt a longer interval when there
are a large number of users (more than 1000, inclusive). Table 683 lists the numbers
of users and the recommended intervals.
of the NAS and the TACACS server: a shorter interval requires higher device
performance. You are therefore recommended to adopt a longer interval when there
are a large number of users (more than 1000, inclusive). Table 683 lists the numbers
of users and the recommended intervals.
The real-time accounting interval defaults to 12 minutes.
Displaying and
Debugging
HWTACACS Protocol
Debugging
HWTACACS Protocol
After the above configuration, execute display command in any view to display the
running of the AAA and RADIUS/HWTACACS configuration, and to verify the effect
of the configuration. Execute reset command in user view to reset AAA and
RADIUS/HWTACACS statistics, etc . Execute debugging command in user view to
debug AAA and RADIUS/HWTACACS.
running of the AAA and RADIUS/HWTACACS configuration, and to verify the effect
of the configuration. Execute reset command in user view to reset AAA and
RADIUS/HWTACACS statistics, etc . Execute debugging command in user view to
debug AAA and RADIUS/HWTACACS.
Table 683 Numbers of users and the recommended intervals
Number of users
Real-time accounting interval (minutes)
1–99
3
100–499
6
500–999
12
ƒ1000
ƒ15
Table 684 Displaying and debugging AAA and RADIUS/HWTACACS protocol
Operation
Command
Display the configuration information of the
specified or all the ISP domains.
specified or all the ISP domains.
display domain [ isp-name ]
Display related information of user's
connection
connection
display connection [ access-type dot1x |
domain domain-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | radius-scheme
radius-scheme-name | vlan vlanid | ucibindex
ucib-index | user-name user-name ]
domain domain-name | interface interface-type
interface-number | ip ip-address | mac
mac-address | radius-scheme
radius-scheme-name | vlan vlanid | ucibindex
ucib-index | user-name user-name ]
Display related information of the local user
display local-user [ domain isp-name | idle-cut
{ disable | enable } | service-type { telnet | ftp |
lan-access | ssh | terminal } | state { active |
block } | user-name user-name | vlan vlan-id ]
{ disable | enable } | service-type { telnet | ftp |
lan-access | ssh | terminal } | state { active |
block } | user-name user-name | vlan vlan-id ]
Display the statistics of local RADIUS
authentication server
authentication server
display local-server statistics
Display the configuration information of
RADIUS schemes
RADIUS schemes
display radius [ radius-scheme-name ]
Display the statistics of RADIUS packets
display radius statistics
Display the stopping accounting requests
saved in buffer without response
saved in buffer without response
display stop-accounting-buffer {
radius-scheme radius-scheme-name | session-id
session-id | time-range start-time stop-time |
user-name user-name }
radius-scheme radius-scheme-name | session-id
session-id | time-range start-time stop-time |
user-name user-name }
Display the specified or all the HWTACACS
schemes
schemes
display hwtacacs [ hwtacacs-scheme-name]
Display information on the stop-accounting
packets in the buffer
packets in the buffer
display stop-accounting-buffer
hwtacacs-scheme hwtacacs-scheme-name
hwtacacs-scheme hwtacacs-scheme-name
Delete the stopping accounting requests saved
in buffer without response
in buffer without response
reset stop-accounting-buffer { radius-scheme
radius-scheme-name | session-id session-id |
time-range start-time stop-time | user-name
user-name }
radius-scheme-name | session-id session-id |
time-range start-time stop-time | user-name
user-name }
Reset the statistics of RADIUS server
reset radius statistics
Clear stop-accounting packets from the buffer reset stop-accounting-buffer
hwtacacs-scheme hwtacacs-scheme-name