Installation manual

ManualsBrandsQuidway ManualsComputer equipmentS3000-EI Series

281

282

283

284

285

286

287

288

289

290

Command Manual - Security

Quidway S3000-EI Series Ethernet Switches

Chapter 2 AAA & RADIUS Protocol Configuration

Commands

Huawei Technologies Proprietary

2-19

Description

Using the accounting-on enable command, you can enable user re-authentication at

reboot. Using the undo accounting-on enable command, you can disable this

function.

Using the undo accounting-on send command, you can restore the default number

for sending Accounting-On packets.

Using the undo accounting-on interval command, you can restore the default time

interval for sending Accounting-On packets.

By default, user re-authentication at reboot is disabled.

Exclusive users are those with its concurrent online number set to 1 on the CAMS. In

the AAA solution implemented jointly by the switch and CAMS, if the switch reboots

after a user passes the authentication/authorization begins being accounted, the switch

prompts that the user has been online when the user logs into the switch before CAMS

makes online detection. Therefore, the user cannot access network resources normally.

The user can access the network only after the network administrator deletes manually

the online information of the user.

To solve this problem, user re-authentication at reboot is designed. After this function is

enabled, each time the switch reboots,

z The switch generates an Accounting-On message, which mainly includes NAS-ID,

NAS-IP (source IP) and session ID;

z The switch sends to CAMS an Accounting-On message;

z Upon receiving the CAMS Accounting-On message, CAMS finds and deletes the

existing online information of the user based on the NAS-ID, NAS-IP (source IP)

and session ID in the Accounting-On message.

 Note:

The main attributes of the Accounting-On message –– NAS-ID, NAS-IP and session ID

are often generated automatically by the switch. However, you can configure the

NAS-IP using the nas-ip command. Make sure you set a correct and valid NAS-IP

address. Otherwise, the switch automatically selects the IP address of the virtual VLAN

interface as NAS-IP.

Example

# Enable user reauthentication at reboot.

<Quidway> system-view

System View: return to User View with Ctrl+Z.

[Quidway] radius scheme CAMS