Setting the shared keys for hwtacacs packets – H3C Technologies H3C S7500E Series Switches User Manual

2-22

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter HWTACACS scheme

view

hwtacacs scheme

hwtacacs-scheme-name

—

Specify the primary

HWTACACS accounting server

primary accounting ip-address

[ port-number ]

Specify the secondary

HWTACACS accounting server

secondary accounting ip-address

[ port-number ]

Required

Configure at least one command.

No accounting server is specified by

default.

Enable the device to buffer

stop-accounting requests

getting no responses

stop-accounting-buffer enable

Optional

Enabled by default

Set the maximum number of

stop-accounting request

transmission attempts

retry stop-accounting retry-times

Optional

100 by default

z

If both the primary and secondary accounting servers are specified, the secondary one is used

when the primary one is not reachable.

z

It is recommended to specify only the primary HWTACACS accounting server if backup is not

required.

z

The IP addresses of the primary and secondary accounting servers cannot be the same.

Otherwise, the configuration fails.

z

You can remove an accounting server only when no active TCP connection for sending

accounting packets is using it.

z

Currently, HWTACACS does not support keeping accounts on FTP users.

Setting the shared keys for HWTACACS packets

The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged

between them and use shared keys to verify the packets. Only when they use the same key for an

exchanged packet can they receive the packets and make responses properly.

Follow these steps to set the shared keys for HWTACACS packets:

To do…

Use the command…

Remarks

Enter system view

system-view

—