Huawei SmartAX MA5603T Configuration Manual page 267
Access module
Hide thumbs
Also See for SmartAX MA5603T:
- Hardware description (977 pages) ,
- Hardware description (65 pages)
Table of Contents
Advertisement
SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
3.
4.
5.
6.
7.
8.
9.
Step 5 Create a domain.
A domain is a group of users of the same type.
Issue 01 (2014-04-30)
NOTE
l To ensure normal communication between the MA5600T/MA5603T/MA5608T and the
HWTACACS server, before configuring the IP address and the UDP port of the HWTACACS server,
make sure that the route between the HWTACACS server and the MA5600T/MA5603T/MA5608T
is in the normal state.
l Make sure that the HWTACACS server port of the MA5600T/MA5603T/MA5608T is the same as
the port of the HWTACACS server.
Run the hwtacacs-server accounting command to configure a primary accounting server.
You can select secondary to configure a secondary accounting server.
Run the hwtacacs-server authorization command to configure a primary authorization
server. You can select secondary to configure a secondary authorization server.
(Optional) Run the hwtacacs-server shared-key command to configure the shared key of
the HWTACACS server.
NOTE
l The HWTACACS client (MA5600T/MA5603T/MA5608T) and the HWTACACS server use the
MD5 algorithm to encrypt the HWTACACS packets. They check the validity of the packets by
configuring the encryption key. They can receive the packets from each other and can respond to each
other only when their keys are the same.
l By default, the HWTACACS server does not have a key.
(Optional) Run the hwtacacs-server timer response-timeout to set the response timeout
time of the HWTACACS server.
NOTE
l If the HWTACACS server does not respond to the HWTACACS request packets within the timeout
time, the communication between the MA5600T/MA5603T/MA5608T and the current HWTACACS
server is considered as interrupted.
l By default, the response timeout time of the HWTACACS server is 5s.
(Optional) In the global config mode, run the hwtacacs-server accounting-stop-packet
command to configure the re-transmission mechanism of the accounting-stop packets of
the HWTACACS server.
NOTE
l To prevent the loss of the accounting packets, the MA5600T/MA5603T/MA5608T supports the re-
transmission of the accounting-stop packets of the HWTACACS server.
l By default, the re-transmit time of the accounting-stop packets of the HWTACACS server is 100.
(Optional) Run the (undo)hwtacacs-server user-name domain-included command to
configure the user name (not) to carry the domain name when transmitted to the
HWTACACS server.
l By default, the user name of the HWTACACS server carries the domain name.
l After the undo hwtacacs-server user-name domain-included command is executed,
the domain name is deleted from the user name when the client sends authentication
and authorization requests to the HWTACACS server. The domain name in the user
name of the accounting request is, however, reserved. This is to ensure that the users
can be distinguished from each other in the accounting.
Run the quit command to return to the global config mode.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Basic Configurations
242
- Quick Links:
- Commissioning Introduction
Hide quick links:
Advertisement
Table of Contents
