Configuring tacacs accounting servers, Configuring shared keys for hwtacacs messages – H3C Technologies H3C S3100 Series Switches User Manual


Configuring TACACS Accounting Servers

Table 2-28 Configure TACACS accounting servers

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set the IP address and port number of the primary TACACS accounting server | primary accounting ip-address [ port ] | Required. By default, the IP address of the primary accounting server is 0.0.0.0, and the port number is 0. |
| Set the IP address and port number of the secondary TACACS accounting server | secondary accounting ip-address [ port ] | Required. By default, the IP address of the secondary accounting server is 0.0.0.0, and the port number is 0. |
| Enable the stop-accounting message retransmission function and set the maximum number of transmission attempts of a buffered stop-accounting message | retry stop-accounting retry-times | Optional. By default, the stop-accounting message retransmission function is enabled and the system can transmit a buffered stop-accounting request up to 100 times. |

- You are not allowed to configure the same IP address for both the primary and secondary accounting servers. If you do, the system reports that the configuration failed.
- You can remove a server only when it is not used by any active TCP connection for sending accounting messages.

Configuring Shared Keys for HWTACACS Messages

When using a TACACS server as an AAA server, you can set a key to improve the communication security between the switch and the TACACS server.

The TACACS client and server use the MD5 algorithm to encrypt HWTACACS messages before exchanging them. Each party verifies the validity of the HWTACACS messages it receives by using the shared key configured on it, and the two parties can accept and respond to each other's messages only when both have the same shared key.
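Why both ends need the same key, as an added example that is not taken from the H3C manual: it implements the MD5-based body obfuscation published for TACACS+ in RFC 8907, on the assumption that HWTACACS behaves comparably. The session ID, keys and message body are constructed sample values.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Build the RFC 8907 section 4.5 pad: chained MD5 blocks truncated to `length`."""
    # Seed is session_id (4 bytes, network order) + key + version + seq_no.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        # MD5_1 hashes the seed alone; MD5_n appends the previous digest.
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. The same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


# Constructed sample values, not taken from any real capture.
SESSION_ID = 0x1A2B3C4D
VERSION = 0xC0  # TACACS+ major version 0xC, minor version 0
SEQ_NO = 1
SWITCH_KEY = b"example-shared-key"
# Stand-in for an accounting message body (a real body has a binary layout).
BODY = b"task_id=42\x00service=shell\x00elapsed_time=120"


def roundtrip(server_key: bytes) -> bytes:
    """The switch obfuscates with its key; the server reverses it with its own."""
    wire = obfuscate(BODY, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
    return obfuscate(wire, SESSION_ID, server_key, VERSION, SEQ_NO)


if __name__ == "__main__":
    print("matching key  :", roundtrip(SWITCH_KEY))
    print("mismatched key:", roundtrip(b"wrong-key"))
```

RFC 8907 treats this mechanism as obfuscation: the pad hides the body but carries no integrity check, so a key mismatch shows up as a body that fails to parse.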

Table 2-29 Configure shared keys for HWTACACS messages

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | |
