Setting the Shared Key for HWTACACS Packets
When using a HWTACACS server as an AAA server, you can set a key to secure the communications
between the device and the HWTACACS server.
The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged
between them and a shared key to verify the packets. Only when the same key is used can they
properly receive the packets and make responses.
Follow these steps to set the shared key for HWTACACS packets:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | Required. Not defined by default |
| Set the shared keys for HWTACACS authentication, authorization, and accounting packets | key { accounting \| authentication \| authorization } string | Required. No shared key exists by default. |
Configuring Attributes Related to the Data Sent to HWTACACS Server
Follow these steps to configure the attributes related to the data sent to the HWTACACS server:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter HWTACACS scheme view | hwtacacs scheme hwtacacs-scheme-name | Required. Not defined by default |
| Specify the format of the username to be sent to a HWTACACS server | user-name-format { keep-original \| with-domain \| without-domain } | Optional. By default, the ISP domain name is included in the username. |
| Specify the unit for data flows or packets to be sent to a HWTACACS server | data-flow-format { data { byte \| giga-byte \| kilo-byte \| mega-byte } \| packet { giga-packet \| kilo-packet \| mega-packet \| one-packet } } * | Optional. The defaults are as follows: byte for data flows, and one-packet for data packets. |
| Set the source IP address of the device to send HWTACACS packets | In HWTACACS scheme view: nas-ip ip-address, then quit. In system view: hwtacacs nas-ip ip-address | Use either command. By default, the outbound port serves as the source IP address to send HWTACACS packets. |