HPE FlexFabric 7900 Series Security Configuration Manual page 37

Step (continued from the preceding page)
  Command:
    { host-name | ipv4-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *
    Specify a secondary HWTACACS authorization server:
    secondary authorization { host-name | ipv4-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *
  Remarks: Two HWTACACS authorization servers in a scheme, primary or secondary, cannot have the same combination of hostname, IP address, port number, and VPN.

Specifying the HWTACACS accounting servers
You can specify one primary accounting server and a maximum of 16 secondary accounting servers
for an HWTACACS scheme. When the primary server is not available, the device searches for the
secondary servers in the order they are configured. The first secondary server in active state is used
for communication.
If redundancy is not required, specify only the primary server. An HWTACACS server can act as the
primary accounting server of one scheme and as the secondary accounting server of another
scheme at the same time.
HWTACACS does not support accounting for FTP, SFTP, and SCP users.
To specify HWTACACS accounting servers for an HWTACACS scheme:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter HWTACACS scheme view.
  Command: hwtacacs scheme hwtacacs-scheme-name
  Remarks: N/A
Step 3. Specify HWTACACS accounting servers.
  Command:
    Specify the primary HWTACACS accounting server:
    primary accounting { host-name | ipv4-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *
    Specify a secondary HWTACACS accounting server:
    secondary accounting { host-name | ipv4-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *
  Remarks: By default, no accounting server is specified. Two HWTACACS accounting servers in a scheme, primary or secondary, cannot have the same combination of hostname, IP address, port number, and VPN.

Specifying the shared keys for secure HWTACACS communication
The HWTACACS client and server use the MD5 algorithm and shared keys to generate the
Authenticator value for packet authentication and user password encryption. The client and server
must use the same key for each type of communication.
To specify a shared key for secure HWTACACS communication:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
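
The accounting-server rules described above (one primary, at most 16 secondaries, no two servers with the same host, port and VPN, and failover to the first active secondary in configured order) can be checked against a draft scheme before it is applied. The following Python is an added example, not part of the HPE manual. The scheme name, addresses, key string, function names, the default port of 49 for an omitted port-number, and the modelling of "active" as a set of hosts are all assumptions.

```python
import re

MAX_SECONDARY = 16   # per-scheme limit stated in the manual
DEFAULT_PORT = 49    # assumption: standard TACACS+ port when port-number is omitted
SERVER_LINE = re.compile(r"^\s*(primary|secondary)\s+accounting\s+(\S+)(.*)$")

# Constructed sample scheme; names, addresses and key are placeholders.
SAMPLE = """\
hwtacacs scheme hwt1
 primary accounting 192.0.2.10 key cipher EXAMPLE-KEY
 secondary accounting 192.0.2.11 49 vpn-instance mgmt
 secondary accounting 192.0.2.12
 secondary accounting 192.0.2.10 49 key cipher EXAMPLE-KEY
"""

def parse_accounting_servers(text):
    """Return the accounting servers of a scheme in configured order."""
    servers = []
    for line in text.splitlines():
        m = SERVER_LINE.match(line)
        if not m:
            continue
        role, host, rest = m.groups()
        port, vpn, tokens = DEFAULT_PORT, None, iter(rest.split())
        for tok in tokens:
            if tok == "key":            # skip "{ cipher | simple } string"
                next(tokens, None); next(tokens, None)
            elif tok == "vpn-instance":
                vpn = next(tokens, None)
            elif tok.isdigit():
                port = int(tok)
        servers.append({"role": role, "host": host.lower(), "port": port, "vpn": vpn})
    return servers

def lint(servers):
    """Check the limits and the uniqueness rule described in the manual."""
    problems, seen = [], set()
    if sum(s["role"] == "primary" for s in servers) > 1:
        problems.append("more than one primary accounting server")
    if sum(s["role"] == "secondary" for s in servers) > MAX_SECONDARY:
        problems.append(f"more than {MAX_SECONDARY} secondary accounting servers")
    for s in servers:
        ident = (s["host"], s["port"], s["vpn"])
        if ident in seen:
            problems.append(f"duplicate accounting server {ident}")
        seen.add(ident)
    return problems

def select_server(servers, active_hosts):
    """Primary if active, otherwise the first active secondary in configured order."""
    ordered = sorted(servers, key=lambda s: s["role"] != "primary")  # stable sort
    return next((s["host"] for s in ordered if s["host"] in active_hosts), None)
```

In the sample, the last secondary entry collides with the primary because an omitted port and an explicit 49 resolve to the same combination, which is the case the uniqueness remark rules out.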
