HP A 5120 Manual

Page 41

HWTACACS configuration task list 
| Task | Remarks |
|---|---|
| Creating an HWTACACS scheme | Required |
| Specifying the HWTACACS authentication servers | Required |
| Specifying the HWTACACS authorization servers | Optional |
| Specifying the HWTACACS accounting servers | Optional |
| Setting the shared keys for HWTACACS packets | Required |
| Setting the username format and traffic statistics units | Optional |
| Specifying a source IP address for outgoing HWTACACS packets | Optional |
Setting timers for controlling communication with HWTACACS...

Page 42

NOTE:
• If both the primary and secondary authentication servers are specified, the secondary one is used when the primary one is not reachable.
• If redundancy is not required, specify only the primary HWTACACS authentication server.
• The IP addresses of the primary and secondary authentication servers cannot be the same. Otherwise, the configuration fails.
• You can remove an authentication server only when no active TCP connection for sending authentication packets is using it....

Page 43

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the device to buffer stop-accounting requests getting no responses | stop-accounting-buffer enable | Optional. Enabled by default |
| Set the maximum number of stop-accounting request transmission attempts | retry stop-accounting retry-times | Optional. 100 by default |

NOTE:
• If both the primary and secondary accounting servers are specified, the secondary server is used when the primary server is not reachable.
• If redundancy is not required, specify only...

Page 44

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | — |
| Set the format of usernames sent to the HWTACACS servers | user-name-format { keep-original \| with-domain \| without-domain } | Optional. By default, the ISP domain name is included in the username. |
| Specify the unit for data flows or packets sent to the HWTACACS servers | data-flow-format { data { byte \| giga-byte \| kilo-byte \| mega-byte } \| packet { giga-packet \| kilo-packet \| mega-packet \|...

Page 45

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | — |
| Specify a source IP address for outgoing HWTACACS packets | nas-ip ip-address | Required. By default, the IP address of the outbound interface is used as the source IP address. |

Setting timers for controlling communication with HWTACACS servers
Follow these steps to set timers regarding HWTACACS servers:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
Enter HWTACACS scheme...

Page 46

Configuring AAA methods for ISP domains 
You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain view. Each ISP domain has a set of default AAA methods, which are local authentication, local authorization, and local accounting by default and can be customized. If you do not configure any AAA methods for an ISP domain, the device uses the system default AAA methods for authentication, authorization, and...

Page 47

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter ISP domain view | domain isp-name | — |
| Place the ISP domain to the state of active or blocked | state { active \| block } | Optional. By default, an ISP domain is in the active state, and users in the domain can request network services. |
| Specify the maximum number of active users in the ISP domain | access-limit enable max-user-number | Optional. No limit by default |
| Configure the idle cut function | idle-cut enable minute [ flow ] | Optional. Disabled by default. This...

Page 48

no authentication as the backup method to be used when the remote server is not available. No authentication can only be configured for LAN users as the backup method of remote authentication.
You can configure AAA authentication to work alone without authorization and accounting. By default, an ISP domain uses the local authentication method.
Before configuring authentication methods, complete the following tasks:
• For RADIUS or HWTACACS authentication, configure...

Page 49

NOTE:
• The authentication method specified with the authentication default command is for all types of users and has a priority lower than that for a specific access mode.
• With an authentication method that references a RADIUS scheme, AAA accepts only the authentication result from the RADIUS server. The Access-Accept message from the RADIUS server does include the authorization information, but the authentication process ignores the information.
• With the radius-scheme radius-scheme-name...

Page 50

3. Determine whether to configure an authorization method for all access modes or service types. 
Follow these steps to configure AAA authorization methods for an ISP domain: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter ISP domain view | domain isp-name | — |
| Specify the default authorization method for all types of users | authorization default { hwtacacs-scheme hwtacacs-scheme-name [ local ] \| local \| none \| radius-scheme radius-scheme-name [ local ] } | Optional. local by...