34
Setting the shared keys for HWTACACS packets
The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged
between them and use shared keys to verify the packets. Only when they use the same key for an
exchanged packet can they receive the packets and make responses properly.
The shared key configured at the time you specify a primary or secondary server takes precedence over
the one configured by using the key command in this section. If you do not specify a shared key when
you specify the server, the device searches for the shared key configured by using the key command to
communicate with the server.
Follow these steps to set the shared keys for HWTACACS packets:
To do… Use the command… Remarks
Enter system view system-view —
Enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
—
Set the shared keys for
HWTACACS authentication,
authorization, and accounting
packets
key { accounting | authentication |
authorization } [ cipher | simple ] key
Required
No shared key by default
Setting the username format and traffic statistics units
A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP
domain the user belongs to and is used by the device to determine which users belong to which ISP
domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain
name. In this case, the device must remove the domain name of each username before sending the
username. You can set the username format on the device for this purpose.
The device periodically sends accounting updates to HWTACACS accounting servers to report the traffic
statistics of online users. For normal and accurate traffic statistics, make sure that the unit for data flows
and that for packets on the device are consistent with those configured on the HWTACACS servers.
Follow these steps to set the username format and the traffic statistics units for an HWTACACS scheme:
To do… Use the command… Remarks
Enter system view system-view —
Enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
—
Set the format of usernames sent to
the HWTACACS servers
user-name-format { keep-original |
with-domain | without-domain }
Optional
By default, the ISP domain name
is included in the username.
Specify the unit for data flows or
packets sent to the HWTACACS
servers
data-flow-format { data { byte |
giga-byte | kilo-byte | mega-byte }
| packet { giga-packet | kilo-packet
| mega-packet | one-packet } }*
Optional
byte for data flows and
one-packet for data packets by
default.
To Next Page
Loading...
