Operation Manual - AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1  AAA & RADIUS & HWTACACS Configuration
 
Huawei Technologies Proprietary 
| Operation | Command | Description |
|---|---|---|
| Set the IP address and port number of the secondary TACACS accounting server | secondary accounting ip-address [ port ] | Required. By default, the IP address of the secondary accounting server is 0.0.0.0, and the port number is 0. |
| Enable the stop-accounting packet retransmission function and set the maximum number of attempts | retry stop-accounting retry-times | Optional. By default, the stop-accounting packet retransmission function is enabled and the system can transmit a stop-accounting request up to 100 times. |
 
Caution:
- The primary and secondary accounting servers cannot use the same IP address.
  Otherwise, the system reports that the configuration failed.
- You can remove a server only when it is not used by any active TCP connection for
  sending accounting packets.
 
1.5.5  Configuring Shared Keys for RADIUS Packets 
When using a TACACS server as an AAA server, you can set a key to improve the
communication security between the router and the TACACS server.
The TACACS client and server use the MD5 algorithm to encrypt the HWTACACS
packets they exchange. Each party verifies the validity of received packets by
using the shared key set on it, and the two parties can accept and respond to
each other's packets only if both of them have the same shared key.
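Added example, not from the manual: the MD5-based packet body protection that TACACS+ defines in RFC 8907, shown in Python on the assumption that HWTACACS applies the same scheme (the manual states only that MD5 and a shared key are used). The keys, session ID and field values are constructed, and all function names are hypothetical.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n feeds MD5_(n+1)
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """XOR with the pad; applying it twice with the same key restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes, then the variable fields."""
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def body_is_consistent(body):
    """Receiver-side check: the length fields must add up to the body size."""
    if len(body) < 8:
        return False
    return 8 + sum(body[4:8]) == len(body)

# Constructed sample values, not taken from any real device or capture.
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC0, 1
SWITCH_KEY = b"example-shared-key"
SERVER_KEY_OK = b"example-shared-key"
SERVER_KEY_BAD = b"example-shared-kez"  # differs in one character

def demo():
    body = authen_start(b"admin", b"vty0", b"192.0.2.10")
    wire = xor_body(body, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
    good = xor_body(wire, SESSION_ID, SERVER_KEY_OK, VERSION, SEQ_NO)
    bad = xor_body(wire, SESSION_ID, SERVER_KEY_BAD, VERSION, SEQ_NO)
    return body, wire, good, bad

if __name__ == "__main__":
    body, wire, good, bad = demo()
    print("matching key  :", body_is_consistent(good), good == body)
    print("mismatched key:", body_is_consistent(bad), bad == body)
```

With a mismatched key the receiver notices only because the decoded length fields no longer add up. The pad carries no integrity check, so under RFC 8907 this is obfuscation rather than authenticated encryption.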
Table 1-28 Configure shared keys for TACACS packets

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |