2-24
The TACACS client and server adopt MD5 algorithm to encrypt HWTACACS messages before they are
exchanged between the two parties. The two parties verify the validity of the HWTACACS messages
received from each other by using the shared keys that have been set on them, and can accept and
respond to the messages only when both parties have the same shared key.
Follow these steps to configure shared keys for HWTACACS messages:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a HWTACACS scheme
and enter its view
hwtacacs scheme
hwtacacs-scheme-name
Required
By default, no HWTACACS
scheme exists.
Set a shared key for
HWTACACS authentication,
authorization or accounting
messages
key { accounting |
authorization |
authentication } string
Required
By default, no such key is set.
Configuring the Attributes of Data to be Sent to TACACS Servers
Follow these steps to configure the attributes for data to be sent to TACACS servers:
To do… Use the command… Remarks
Enter system view
system-view
—
Create a HWTACACS scheme
and enter its view
hwtacacs scheme
hwtacacs-scheme-name
Required
By default, no HWTACACS
scheme exists.
Set the format of the
usernames to be sent to
TACACS server
user-name-format
{ with-domain |
without-domain }
Optional
By default, the usernames sent
from the switch to TACACS
server carry ISP domain
names.
data-flow-format data { byte |
giga-byte | kilo-byte |
mega-byte }
Set the units of data flows to
TACACS servers
data-flow-format packet
{ giga-packet | kilo-packet |
mega-packet | one-packet }
Optional
By default, in a TACACS
scheme, the data unit and
packet unit for outgoing
HWTACACS flows are byte
and one-packet respectively.
HWTACACS scheme view
nas-ip ip-address
Set the source IP address of
outgoing HWTACACS
messages
System view
hwtacacs nas-ip ip-address
Optional
By default, no source IP
address is set; the IP address
of the corresponding outbound
interface is used as the source
IP address.
To Next Page
Loading...
