Chapter 26: AAA and RADIUS/HWTACACS Protocol Configuration
Table 228 Create/Delete a local RADIUS authentication server

Operation                                      Command
Create a local RADIUS authentication server    local-server nas-ip ip-address key password
Delete a local RADIUS authentication server    undo local-server nas-ip ip-address
By default, the IP address of the local RADIUS authentication server group is
127.0.0.1 and the password is 3Com.
When using the local RADIUS server function, note the following:
1 The UDP port used for authentication/authorization is 1645 and the UDP port
used for accounting is 1646.
2 The password configured with the local-server command must be the same as the
key for RADIUS authentication/authorization packets configured with the key
authentication command in radius scheme view.
3 Switch 8800 Family switches serving as local RADIUS authentication servers
currently support only the CHAP and PAP authentication modes; they do not
support the MD5-challenge mode.
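Note 2 matters because RADIUS PAP hides the User-Password attribute with MD5 over the shared key and the Request Authenticator (RFC 2865, section 5.2), so a local server holding a different key recovers garbage and rejects the login. The following Python is an added example, not code from this manual or the switch software; the function names, the sample key, password and authenticator are constructed for illustration.

```python
import hashlib

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide User-Password as in RFC 2865 section 5.2."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to 16-byte blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each block is XORed with MD5(key + previous ciphertext block).
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's own copy of the key."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password attribute")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")

def server_accepts(stored: bytes, hidden: bytes, server_key: bytes,
                   authenticator: bytes) -> bool:
    return pap_recover(hidden, server_key, authenticator) == stored

# Constructed sample values (only the default key "3Com" comes from the manual).
AUTHENTICATOR = bytes(range(16))           # normally 16 random bytes per request
USER_PASSWORD = b"a-long-user-password-1"  # 22 bytes, spans two 16-byte blocks
SCHEME_KEY = b"Sw8800-shared-key"          # value given to "key authentication"

if __name__ == "__main__":
    attr = pap_hide(USER_PASSWORD, SCHEME_KEY, AUTHENTICATOR)
    # local-server key equals the scheme key: password recovered, login accepted
    print(server_accepts(USER_PASSWORD, attr, SCHEME_KEY, AUTHENTICATOR))
    # local-server left on the default key: recovery yields garbage, login rejected
    print(server_accepts(USER_PASSWORD, attr, b"3Com", AUTHENTICATOR))
```
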
Configuring HWTACACS Protocol

The following sections describe HWTACACS configuration tasks.
■ "Creating a HWTACACS Scheme"
■ "Configuring HWTACACS Authentication Servers"
■ "Configuring HWTACACS Authorization Servers"
■ "Configuring HWTACACS Accounting Servers and the Related Attributes"
■ "Configuring the Source Address for HWTACACS Packets Sent by NAS"
■ "Setting a Key for Securing the Communication with TACACS Server"
■ "Setting the Username Format Acceptable to the TACACS Server"
■ "Setting the Unit of Data Flows Destined for the TACACS Server"
■ "Setting Timers Regarding TACACS Server"

Note: Pay attention to the following when configuring a TACACS server:
■ The HWTACACS server does not check whether a scheme is being used by users
when you change most HWTACACS attributes, unless you delete the scheme.
■ By default, the TACACS server has no key.

Of the above configuration tasks, creating a HWTACACS scheme and configuring
the TACACS authentication/authorization server are required; all other tasks
are optional, and you can perform them as needed.
Creating a HWTACACS Scheme

As mentioned above, the HWTACACS protocol is configured scheme by scheme.
Therefore, you must create a HWTACACS scheme and enter HWTACACS view
before you perform other configuration tasks.
Perform the following configuration in system view.