40
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3. Specify HWTACACS
accounting servers.
• Specify the primary
HWTACACS accounting
server:
primary accounting
ip-address [ port-number | key
[ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
• Specify a secondary
HWTACACS accounting
server:
secondary accounting
ip-address [ port-number | key
[ cipher | simple ] key |
vpn-instance
vpn-instance-name ] *
Configure at least one
command.
No accounting server is
specified by default.
4. Enable buffering of
stop-accounting requests
to which no responses are
received.
stop-accounting-buffer enable
Optional.
Enabled by default.
5. Set the maximum number
of stop-accounting
attempts.
retry stop-accounting
retry-times
Optional.
The default setting is 100.
Specifying the shared keys for secure HWTACACS communication
The HWTACACS client and HWTACACS server use the MD5 algorithm and a shared key pair for
password encryption.
To specify a shared key for secure HWTACACS communication:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3. Specify a shared key for
secure HWTACACS
authentication,
authorization, or accounting
communication.
key
{
accounting
|
authentication
|
authorization
}
[
cipher
|
simple
] key
By default, no shared key is
specified.
In FIPS mode, the shared key
must be at least eight characters
that contain digits, uppercase
letters, lowercase letters, and
special characters, and must use
3DES for encryption and
decryption.
The shared key configured on the
device must be the same as that
configured on the HWTACACS
server.
Specifying a VPN for the HWTACACS scheme
You can specify a VPN for all the AAA servers in an HWTACACS scheme. However, the VPN has a
lower priority than those configured for individual HWTACACS servers.
To Next Page
Loading...
Need help?
General
