3com WX3000 Manuel D’Utilisation

 

2-22 

z 

You are not allowed to configure the same IP address for both primary and secondary authorization 

servers. If you do this, the system will prompt that the configuration fails. 

z 

You can remove a server only when it is not used by any active TCP connection for sending 

authorization messages. 

 

Follow these steps to configure TACACS accounting servers: 

Enter system view 

— 

Create a HWTACACS scheme 
and enter its view 

hwtacacs scheme 
hwtacacs-scheme-name 

Required 

By default, no HWTACACS 
scheme exists. 

Set the IP address and port 
number of the primary 
TACACS accounting server 

primary accounting 
ip-address [ port ] 

Required 

By default, the IP address of 
the primary accounting server 
is 0.0.0.0, and the port number 
is 0. 

Set the IP address and port 
number of the secondary 
TACACS accounting server 

secondary accounting 
ip-address [ port ] 

Required 

By default, the IP address of 
the secondary accounting 
server is 0.0.0.0, and the port 
number is 0. 

Enable the stop-accounting 
message retransmission 
function and set the maximum 
number of transmission 
attempts of a buffered 
stop-accounting message 

retry stop-accounting 
retry-times 

Optional 

By default, the stop-accounting 
messages retransmission 
function is enabled and the 
system can transmit a buffered 
stop-accounting request for 
100 times. 

 

z 

You are not allowed to configure the same IP address for both primary and secondary accounting 

servers. If you do this, the system will prompt that the configuration fails. 

z 

You can remove a server only when it is not used by any active TCP connection for sending 

accounting messages. 

 

When using a TACACS server as an AAA server, you can set a key to improve the communication 

security between the device and the TACACS server.