Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

198

Item Description

Username Format

Set the format of the username sent to the HWTACACS server.
A username is generally in the format of userid@isp-name, of which isp-name is

used by the firewall to determine the ISP domain to which the user belongs. If an
HWTACACS server does not accept a username including an ISP domain

name, you can configure the firewall to remove the domain name before

sending it to the HWTACACS server.
Options include:

•

Without-domain—Specifies to remove the domain name of a username that

is to be sent to the RADIUS server.

•

With-domain—Specifies to keep the domain name of a username that is to

be sent to the RADIUS server.

Unit of Data Flows

Specify the unit for data flows sent to the HWTACACS server for traffic
accounting. Options include:

•

Byte

•

Kilo-byte

•

Mega-byte

•

Giga-byte

If you leave the box blank, the default unit is used.

Unit of Packets

Specify the unit for data packets sent to the HWTACACS server for traffic
accounting. Options include:

•

Packet

•

Kilo-packet

•

Mega-packet

•

Giga-packet

If you leave the box blank, the default unit is used.

Table 55 Recommended real-time accounting interval settings

Number of users

Real-time accounting interval (in minutes)

1 to 99

3

100 to 499

6

500 to 999

12

ƒ

1000

ƒ

15

HWTACACS configuration example in the Web interface

Network requirements

As shown in

Figure 153

, configure SecPath to use the HWTACACS server to provide authentication,

authorization, and accounting services for the Telnet user. Set the shared keys for secure communication

with the HWTACACS server to expert. Configure SecPath to remove the domain name from a username

set to the HWTACACS server.