3com WX3000 Manuel D’Utilisation
2-19
online when the user re-logs into the switching engine before the iMC performs online user detection,
and the user cannot get authenticated. In this case, the user can access the network again only when
the iMC administrator manually removes the user's online information.
The user re-authentication at restart function is designed to resolve this problem. After this function is
enabled, every time the device restarts:
1) The device generates an Accounting-On message, which mainly contains the following information:
NAS-ID, NAS-IP-address (source IP address), and session ID.
2) The device sends the Accounting-On message to the IMC at regular intervals.
3) Once the IMC receives the Accounting-On message, it sends a response to the device. At the
same time it finds and deletes the original online information of the users who were accessing the
network through the device before the restart according to the information (NAS-ID,
NAS-IP-address and session ID) contained in the message, and ends the accounting for the users
depending on the last accounting update message.
4) Once the device receives the response from the IMC, it stops sending Accounting-On messages.
5) If the device does not receive any response from the IMC after it has tried the configured maximum
number of times to send the Accounting-On message, it will not send the Accounting-On message
any more.
The device can automatically generate the main attributes (NAS-ID, NAS-IP-address and session ID)
contained in Accounting-On messages. However, you can also manually configure the NAS-IP-address
with the nas-ip command. If you choose to manually configure the attribute, be sure to configure an
appropriate valid IP address. If this attribute is not configured, the device will automatically choose the
IP address of a VLAN interface as the NAS-IP-address.
Follow these steps to enable the user re-authentication at restart function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter RADIUS scheme view
radius scheme
radius-scheme-name
radius-scheme-name
—
Enable the user
re-authentication at restart
function
re-authentication at restart
function
accounting-on enable [ send
times | interval interval ]
times | interval interval ]
By default, this function is
disabled.
disabled.
If you use this command
without any parameter, the
system will try at most 15 times
to send an Accounting-On
message at the interval of three
seconds.
without any parameter, the
system will try at most 15 times
to send an Accounting-On
message at the interval of three
seconds.
HWTACACS Configuration Task List
Complete the following tasks to configure HWTACACS: