H3C Technologies H3C S7500E Series Switches User Manual
Page 52
2-23
To do…
Use the command…
Remarks
Enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
—
Set the shared keys for
HWTACACS authentication,
authorization, and accounting
packets
key { accounting | authentication |
authorization } string
Required
No shared key by default
Configuring attributes for data to be sent to the HWTACACS servers
Follow these steps to configure the attributes to be used for data that is to be sent to the HWTACACS
servers:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
—
Specify the format of the
username sent to an HWTACACS
server
user-name-format { keep-original |
with-domain | without-domain }
Optional
By default, the ISP domain name
is included in the username.
Specify the unit for data flows or
packets to be sent to an
HWTACACS server
data-flow-format { data { byte |
giga-byte | kilo-byte | mega-byte }
| packet { giga-packet | kilo-packet
| mega-packet | one-packet } }*
Optional
The defaults are as follows:
byte for data flows, and
one-packet for data packets.
z
If an HWTACACS server does not support a username with the domain name, you can configure
the device to remove the domain name before sending the username to the server.
z
For level switching authentication, the user-name-format keep-original and user-name-format
without-domain commands produce the same results, that is, usernames sent to the
HWTACACS server carry no ISP domain name.
Specifying the source IP address for HWTACACS packets to be sent
You can specify an IP address as the source address for HWTACACS packets to be sent on a NAS,
so that when the physical outbound interface fails, response packets from the HWTACACS server can
still arrive at the NAS.
You can specify the source IP address for HWTACACS packets to be sent in HWTACACS scheme
view for a specific HWTACACS scheme, or in system view for all HWTACACS schemes.