HP 10500 Series Configuration Manual page 45

Step
3. Specify HWTACACS
accounting servers.
4. Enable buffering of
stop-accounting requests to
which no responses are
received.
5. Set the maximum number of
stop-accounting attempts.
Specifying the shared keys for secure HWTACACS communication
The HWTACACS client and HWTACACS server use the MD5 algorithm to authenticate packets and use
shared keys for packet authentication and user password encryption. They must use the same key for the
same type of communication.
A shared key configured on the device must be the same as that configured on the HWTACACS server.
To specify a shared key for secure HWTACACS communication:
Step
1. Enter system view.
2. Enter HWTACACS scheme view.
3. Specify a shared key for secure
HWTACACS authentication,
authorization, or accounting
communication.
Specifying the VPN to which the servers belong
After you specify a VPN for an HWTACACS scheme, all AAA servers specified for the scheme belong to
the VPN. However, if you also specify a VPN when specifying a server for the scheme, the server belongs
to the specific VPN.
To specify a VPN for an HWTACACS scheme:
Step
1. Enter system view.
2. Enter HWTACACS scheme view.
3. Specify a VPN for the HWTACACS scheme.
Command
•
Specify the primary HWTACACS
accounting server:
primary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
•
Specify a secondary HWTACACS
accounting server:
secondary accounting ip-address
[ port-number | vpn-instance
vpn-instance-name ] *
stop-accounting-buffer enable
retry stop-accounting retry-times
Command
system-view
hwtacacs scheme
hwtacacs-scheme-name
key { accounting | authentication |
authorization } [ cipher | simple ]
key
Command
system-view
hwtacacs scheme hwtacacs-scheme-name
vpn-instance vpn-instance-name
35
Remarks
Configure at least one command.
No accounting server is specified
by default.
Optional.
Enabled by default.
Optional.
The default setting is 100.
Remarks
N/A
N/A
No key is specified by default.