Setting The Shared Key For Hwtacacs Packets; Configuring Attributes Related To The Data Sent To The Tacacs Server - 3Com MSR 50 Series Configuration Manual


Configuring HWTACACS

Setting the Shared Key for HWTACACS Packets

When using a HWTACACS server as an AAA server, you can set a key to secure the communications between the device and the HWTACACS server.

The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged between them and a shared key to verify the packets. Only when the same key is used can they properly receive the packets and make responses.

Follow these steps to set the shared key for HWTACACS packets:

To do...: Enter system view
Use the command...: system-view
Remarks: -

To do...: Create a HWTACACS scheme and enter HWTACACS scheme view
Use the command...: hwtacacs scheme hwtacacs-scheme-name
Remarks: Required. By default, no HWTACACS scheme is created.

To do...: Set the shared keys for HWTACACS authentication, authorization, and accounting packets
Use the command...: key { accounting | authentication | authorization } string
Remarks: Required. By default, no shared key is set.

Configuring Attributes Related to the Data Sent to the TACACS Server

Follow these steps to configure the attributes related to the data sent to the HWTACACS server:

To do...: Enter system view
Use the command...: system-view
Remarks: -

To do...: Create a HWTACACS scheme and enter HWTACACS scheme view
Use the command...: hwtacacs scheme hwtacacs-scheme-name
Remarks: Required. By default, no HWTACACS scheme is created.

To do...: Specify the format of the username to be sent to a HWTACACS server
Use the command...: user-name-format { with-domain | without-domain }
Remarks: Optional. By default, the ISP domain name is included in the username.

To do...: Specify the unit for data flows or packets to be sent to a HWTACACS server
Use the command...: data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } | packet { giga-packet | kilo-packet | mega-packet | one-packet } }*
Remarks: Optional. The defaults are as follows: byte for data flows, and one-packet for data packets.

To do...: Set the source IP address of the device to send HWTACACS packets
Use the command...:
  In HWTACACS scheme view: nas-ip ip-address
  In system view: quit, then hwtacacs nas-ip ip-address
Remarks: Use either command. By default, the outbound port serves as the source IP address to send HWTACACS packets.

Note: If a HWTACACS server does not support a username with the domain name, you can configure the device to remove the domain name before sending the username to the server.

Note: The nas-ip command in HWTACACS scheme view is only for the current HWTACACS scheme, while the hwtacacs nas-ip command in system view is for all HWTACACS schemes. However, the nas-ip command in HWTACACS scheme view overwrites the configuration of the hwtacacs nas-ip command.
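The following is an added example, not taken from the 3Com manual, illustrating the shared-key behavior described under "Setting the Shared Key for HWTACACS Packets": a body protected with one key is only recoverable with the same key. It assumes HWTACACS protects packet bodies the way TACACS+ does in RFC 8907 (an MD5-chained pad XORed over the body); the session ID, version byte, keys, and body are constructed sample values.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Build the MD5-chained pad from RFC 8907 (TACACS+), truncated to `length`.

    Assumption: HWTACACS follows the same construction as TACACS+.
    """
    # Every hash input starts with session_id || key || version || seq_no.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # First block hashes the seed alone; later blocks append the previous digest.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """Obfuscate or de-obfuscate a packet body; XOR with the pad is its own inverse."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    # Constructed sample values, not from any real device or capture.
    session_id, version, seq_no = 0x1A2B3C4D, 0xC0, 1
    body = b"constructed sample body: user=operator@example"
    device_key = b"constructed-shared-key"   # key set on the device
    server_key = b"constructed-other-key"    # server configured with a different key

    wire = xor_body(body, session_id, device_key, version, seq_no)
    same_key = xor_body(wire, session_id, device_key, version, seq_no)
    wrong_key = xor_body(wire, session_id, server_key, version, seq_no)
    return body, wire, same_key, wrong_key


if __name__ == "__main__":
    body, wire, same_key, wrong_key = demo()
    print("on the wire :", wire.hex())
    print("same key    :", same_key)
    print("other key   :", wrong_key)
```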
