HPE FlexFabric 7900 Series Security Configuration Manual page 38
Hide thumbs
Also See for FlexFabric 7900 Series:
- Layer 3 ip routing command reference (414 pages) ,
- Security configuration manual (323 pages) ,
- Security command reference (320 pages)
Table of Contents
Advertisement
Step
2.
Enter HWTACACS scheme
view.
3.
Specify a shared key for
secure HWTACACS
authentication, authorization,
or accounting
communication.
Specifying a VPN for the scheme
The VPN specified for an HWTACACS scheme applies to all servers in that scheme. If a VPN is also
configured for an individual HWTACACS server, the VPN specified for the HWTACACS scheme
does not take effect on that server.
To specify a VPN for an HWTACACS scheme:
Step
1.
Enter system view.
2.
Enter HWTACACS scheme
view.
3.
Specify a VPN for the
HWTACACS scheme.
Setting the username format and traffic statistics units
A username is in the userid@isp-name format, where the isp-name argument represents the user's
ISP domain name. By default, the ISP domain name is included in a username. If HWTACACS
servers do not recognize usernames that contain ISP domain names, you can configure the device
to send usernames without domain names to the servers.
If two or more ISP domains use the same HWTACACS scheme, configure the scheme to keep the
ISP domain name in usernames for domain identification.
The device reports online user traffic statistics in accounting packets. The traffic measurement units
are configurable, but they must be the same as the traffic measurement units configured on the
HWTACACS accounting servers.
To set the username format and traffic statistics units for an HWTACACS scheme:
Step
1.
Enter system view.
2.
Enter HWTACACS scheme
view.
3.
Set the format of usernames
sent to the HWTACACS
servers.
4.
(Optional.) Set the data flow
and packet measurement
units for traffic statistics.
Command
hwtacacs scheme
hwtacacs-scheme-name
key { accounting |
authentication | authorization }
{ cipher | simple } string
Command
system-view
hwtacacs scheme
hwtacacs-scheme-name
vpn-instance vpn-instance-name
Command
system-view
hwtacacs scheme
hwtacacs-scheme-name
user-name-format { keep-original
| with-domain | without-domain }
data-flow-format { data { byte |
giga-byte | kilo-byte | mega-byte }
| packet { giga-packet |
kilo-packet | mega-packet |
one-packet } }*
30
Remarks
N/A
By default, no shared key is
specified.
The shared key configured on the
device must be the same as the
shared key configured on the
HWTACACS server.
Remarks
N/A
N/A
By default, an HWTACACS
scheme belongs to the public
network.
Remarks
N/A
N/A
By default, the ISP domain name
is included in a username.
By default, traffic is counted in
bytes and packets.
Advertisement
Table of Contents
Troubleshooting
