HP 3600 v2 Series Security Configuration Manual page 47


Specifying the shared keys for secure HWTACACS communication
The HWTACACS client and HWTACACS server use the MD5 algorithm to authenticate packets
exchanged between them and use shared keys for packet authentication and user password encryption.
They must use the same key for the same type of communication.
Follow these steps to specify a shared key for secure HWTACACS communication:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | |
| Specify a shared key for secure HWTACACS authentication, authorization, or accounting communication | key { accounting \| authentication \| authorization } [ cipher \| simple ] key | Required. No shared key by default |

NOTE:
A shared key configured on the switch must be the same as that configured on the HWTACACS server.

Specifying the VPN to which the servers belong
After you specify a VPN for an HWTACACS scheme, all the authentication, authorization, and
accounting servers specified for the scheme belong to the VPN. However, if you also specify a VPN when
specifying a server for the scheme, the server belongs to the specific VPN.
Follow these steps to specify a VPN for an HWTACACS scheme:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | |
| Specify a VPN for the HWTACACS scheme | vpn-instance vpn-instance-name | Required |

Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the switch to determine which users belong to which ISP
domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain
name. In this case, the switch must remove the domain name of each username before sending the
username. You can set the username format on the switch for this purpose.
The switch periodically sends accounting updates to HWTACACS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the switch are consistent with those configured on the HWTACACS servers.
Follow these steps to set the username format and the traffic statistics units for an HWTACACS scheme:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
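
A way to check the result of the shared-key and VPN steps above on a saved configuration, as an added example that is not part of the HP manual: the script reads each `hwtacacs scheme` block and reports which of the three key types have no shared key (there is none by default), which keys use the `simple` keyword, and the scheme's VPN instance. The configuration layout (indented lines under each scheme, `#` separators), the scheme names and the key placeholders are constructed, and treating `simple` as a plaintext key is an assumption the page does not state.

```python
import re

# Constructed sample configuration (layout and values are assumptions, not from the manual).
SAMPLE_CONFIG = """\
hwtacacs scheme hwtac1
 key authentication cipher EXAMPLE-CIPHERTEXT
 key authorization simple EXAMPLE-PLAINTEXT
 vpn-instance mgmt
#
hwtacacs scheme hwtac2
 key authentication cipher EXAMPLE-CIPHERTEXT
 key authorization cipher EXAMPLE-CIPHERTEXT
 key accounting cipher EXAMPLE-CIPHERTEXT
#
"""

KEY_TYPES = ("authentication", "authorization", "accounting")
SCHEME_RE = re.compile(r"^hwtacacs scheme (\S+)\s*$")
# Mirrors the manual's syntax: key { accounting | authentication | authorization } [ cipher | simple ] key
KEY_RE = re.compile(r"^\s+key (accounting|authentication|authorization)"
                    r"(?: (cipher|simple))? (\S+)\s*$")
VPN_RE = re.compile(r"^\s+vpn-instance (\S+)\s*$")

def audit_hwtacacs(config_text):
    """Per scheme: key types with no key, keys using 'simple', and the VPN instance."""
    schemes, current = {}, None
    for line in config_text.splitlines():
        m = SCHEME_RE.match(line)
        if m:
            current = schemes[m.group(1)] = {"keys": {}, "vpn": None}
        elif current is not None and not line.startswith(" "):
            current = None          # assumed: an unindented line leaves the scheme view
        elif current is not None:
            k, v = KEY_RE.match(line), VPN_RE.match(line)
            if k:                   # record only the keyword, never the key value itself
                current["keys"][k.group(1)] = k.group(2) or "unspecified"
            elif v:
                current["vpn"] = v.group(1)
    return {
        name: {
            "missing_keys": [t for t in KEY_TYPES if t not in s["keys"]],
            "simple_keys": [t for t in KEY_TYPES if s["keys"].get(t) == "simple"],
            "vpn": s["vpn"],
        }
        for name, s in schemes.items()
    }

if __name__ == "__main__":
    for scheme, findings in audit_hwtacacs(SAMPLE_CONFIG).items():
        print(scheme, findings)
```

The report deliberately omits key values so that its output can be shared or logged without exposing the shared keys.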


This manual is also suitable for:

A3100-48 v2
