Creating an hwtacacs scheme, Specifying the hwtacacs authentication servers – H3C Technologies H3C SecPath F1000-E User Manual

Page 212

Advertising
background image

202

Task Remarks

Specifying the HWTACACS authentication servers

Required

Specifying the HWTACACS authorization servers

Optional

Specifying the HWTACACS accounting servers and the relevant parameters

Optional

Specifying the shared keys for authenticating HWTACACS packets

Required

Specifying a VPN for the HWTACACS scheme

Optional

Setting the username format and traffic statistics units

Optional

Specifying a source IP address for outgoing HWTACACS packets

Optional

Setting timers for controlling communication with HWTACACS servers

Optional

Displaying and maintaining HWTACACS

Optional

Creating an HWTACACS scheme

The HWTACACS protocol is configured on a per scheme basis. Before performing other HWTACACS

configurations, follow these steps to create an HWTACACS scheme and enter HWTACACS scheme

view:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an HWTACACS scheme and

enter HWTACACS scheme view.

hwtacacs scheme
hwtacacs-scheme-name

Not defined by default.

NOTE:

Up to 16 HWTACACS schemes can be configured.

A scheme can be deleted only when it is not referenced.

Specifying the HWTACACS authentication servers

You can specify one primary authentication server and up to one secondary authentication server for an

HWTACACS scheme so that the NAS can find a server for user authentication when using the scheme.

When the primary server is not available, the secondary server is used. In a scenario where redundancy
is not required, specify only the primary server.
Follow these guidelines when you configure HWTACACS authentication servers:

An HWTACACS server can function as the primary authentication server of one scheme and
simultaneously as the secondary authentication server of another scheme.

The IP addresses of the primary and secondary authentication servers cannot be the same.
Otherwise, the configuration fails.

You can remove an authentication server only when no active TCP connection for sending
authentication packets is using it.

To specify HWTACACS authentication servers for an HWTACACS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals