Setting The Shared Key For Hwtacacs Packets; Configuring Attributes Related To The Data Sent To The Hwtacacs Server - H3C S7500E Series Operation Manual

Operation Manual – AAA RADIUS HWTACACS
H3C S7500E Series Ethernet Switches
Note:
It is recommended to specify only the primary HWTACACS accounting server if
backup is not required.
The IP addresses of the primary and secondary accounting servers cannot be the
same. Otherwise, the configuration fails.
You can remove an accounting server only when no active TCP connection for
sending accounting packets is using it.
Currently, HWTACACS does not support keeping accounts on FTP users.

1.5.5 Setting the Shared Key for HWTACACS Packets

When using a HWTACACS server as an AAA server, you can set a key to secure the
communications between the device and the HWTACACS server.
The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt
packets exchanged between them and a shared key to verify the packets. Only when
the same key is used can they properly receive the packets and make responses.
Follow these steps to set the shared key for HWTACACS packets:
Enter system view
Create a HWTACACS
scheme and enter
HWTACACS scheme
view
Set the shared keys for
HWTACACS
authentication,
authorization, and
accounting packets
1.5.6 Configuring Attributes Related to the Data Sent to the HWTACACS
server
Follow these steps to configure the attributes related to the data sent to the
HWTACACS server:
Enter system view
Create a HWTACACS
scheme and enter
HWTACACS scheme view
To do...
system-view
hwtacacs scheme
hwtacacs-scheme-name
key { accounting |
authentication |
authorization } string
To do...
system-view
hwtacacs scheme
hwtacacs-scheme-name
Chapter 1 AAA/RADIUS/HWTACACS
Use the command...
Use the command...
1-35
Configuration
Remarks
—
Required
Not defined by default
Required
No shared key exists by
default.
Remarks
—
Required
Not defined by default