• You cannot configure the same IP address for both the primary and secondary authorization servers. If you do, the system reports that the configuration failed.
• You can remove a server only when it is not used by any active TCP connection for sending authorization messages.

Configuring TACACS Accounting Servers
Follow these steps to configure TACACS accounting servers:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set the IP address and port number of the primary TACACS accounting server | primary accounting ip-address [ port ] | Required. By default, the IP address of the primary accounting server is 0.0.0.0, and the port number is 0. |
| Set the IP address and port number of the secondary TACACS accounting server | secondary accounting ip-address [ port ] | Required. By default, the IP address of the secondary accounting server is 0.0.0.0, and the port number is 0. |
| Enable the stop-accounting message retransmission function and set the maximum number of transmission attempts of a buffered stop-accounting message | retry stop-accounting retry-times | Optional. By default, the stop-accounting message retransmission function is enabled and the system can transmit a buffered stop-accounting request up to 100 times. |

• You cannot configure the same IP address for both the primary and secondary accounting servers. If you do, the system reports that the configuration failed.
• You can remove a server only when it is not used by any active TCP connection for sending accounting messages.

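
A pre-deployment check for the accounting rules in this section, as an added example that is not part of the original manual: it parses a planned list of scheme commands and flags a missing primary accounting server, a primary and secondary accounting server with the same IP address, and a stop-accounting retry count below a threshold. The scheme names, the addresses, and the min_retry policy value are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: planned commands for two schemes (names and IPs are made up).
SAMPLE = """\
hwtacacs scheme hwt1
primary accounting 192.0.2.10 49
secondary accounting 192.0.2.10 49
retry stop-accounting 5
quit
hwtacacs scheme hwt2
primary accounting 192.0.2.10 49
secondary accounting 192.0.2.11
quit
"""

SERVER_RE = re.compile(r"(primary|secondary) accounting (\S+)(?: \d+)?$")
RETRY_RE = re.compile(r"retry stop-accounting (\d+)$")
UNSET = ipaddress.ip_address("0.0.0.0")  # table default: server not configured
DEFAULT_RETRY = 100                      # table default for buffered stop-accounting

def parse_schemes(text):
    """Map scheme name -> {'primary': ip, 'secondary': ip, 'retry': int}."""
    schemes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("hwtacacs scheme "):
            current = schemes.setdefault(line.split()[2], {})
        elif line == "quit":
            current = None  # left the scheme view
        elif current is None:
            continue
        elif m := SERVER_RE.match(line):
            current[m.group(1)] = ipaddress.ip_address(m.group(2))
        elif m := RETRY_RE.match(line):
            current["retry"] = int(m.group(1))
    return schemes

def audit(text, min_retry=DEFAULT_RETRY):
    """Return {scheme: [findings]}; min_retry is an assumed local policy value."""
    report = {}
    for name, cfg in parse_schemes(text).items():
        pri, sec = cfg.get("primary", UNSET), cfg.get("secondary", UNSET)
        found = []
        if pri == UNSET:
            found.append("no primary accounting server")
        if sec != UNSET and sec == pri:
            found.append("same IP for primary and secondary (device rejects this)")
        if cfg.get("retry", DEFAULT_RETRY) < min_retry:
            found.append("stop-accounting retries below policy")
        report[name] = found
    return report
```

Running audit(SAMPLE) reports two findings for hwt1 and none for hwt2; a malformed address raises ValueError from the ipaddress module.
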
Configuring Shared Keys for HWTACACS Messages
When using a TACACS server as an AAA server, you can set a key to improve the security of communication between the switch and the TACACS server.