H3C Technologies H3C S3100 Series Switches User Manual

| Operation | Command | Remarks |
|---|---|---|
| Create an HWTACACS scheme and enter its view | `hwtacacs scheme hwtacacs-scheme-name` | Required. By default, no HWTACACS scheme exists. |
| Set a shared key for HWTACACS authentication, authorization or accounting messages | `key { accounting \| authorization \| authentication } string` | Required. By default, no such key is set. |

Configuring the Attributes of Data to be Sent to TACACS Servers

Table 2-30 Configure the attributes for data to be sent to TACACS servers

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | `system-view` | |
| Create an HWTACACS scheme and enter its view | `hwtacacs scheme hwtacacs-scheme-name` | Required. By default, no HWTACACS scheme exists. |
| Set the format of the user names to be sent to TACACS server | `user-name-format { with-domain \| without-domain }` | Optional. By default, the user names sent from the switch to TACACS server carry ISP domain names. |
| Set the units of data flows to TACACS servers | `data-flow-format data { byte \| giga-byte \| kilo-byte \| mega-byte }`; `data-flow-format packet { giga-packet \| kilo-packet \| mega-packet \| one-packet }` | Optional. By default, in a TACACS scheme, the data unit and packet unit for outgoing HWTACACS flows are byte and one-packet respectively. |
| Set the source IP address of outgoing HWTACACS messages (HWTACACS scheme view) | `nas-ip ip-address` | Optional. By default, no source IP address is set; the IP address of the corresponding outbound interface is used as the source IP address. |
| Set the source IP address of outgoing HWTACACS messages (System view) | `hwtacacs nas-ip ip-address` | Optional. By default, no source IP address is set; the IP address of the corresponding outbound interface is used as the source IP address. |

Generally, access users are named in the userid@isp-name or userid.isp-name format, where the isp-name after the "@" or "." character represents the ISP domain name. If the TACACS server does not accept user names that carry ISP domain names, the domain names must be removed from user names before they are sent to the TACACS server.
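
The commands from the two tables above, put together as one session for a TACACS server that rejects user names carrying ISP domain names. This is an added example, not part of the original manual: the device name Sysname, the scheme name hwtac, the key strings, the address 192.0.2.10 and the prompt strings are placeholder assumptions, and lines beginning with # are annotations, not commands.

```text
# Constructed session. Sysname, hwtac, the key strings and 192.0.2.10 are
# placeholders; prompts are illustrative.
<Sysname> system-view
[Sysname] hwtacacs scheme hwtac

# No key is set by default. Each key must match the one configured on the
# TACACS server for that message type.
[Sysname-hwtacacs-hwtac] key authentication EXAMPLE-AUTHN-KEY
[Sysname-hwtacacs-hwtac] key authorization EXAMPLE-AUTHZ-KEY
[Sysname-hwtacacs-hwtac] key accounting EXAMPLE-ACCT-KEY

# Default is with-domain (userid@isp-name is sent as typed).
# without-domain sends only userid, for servers that reject domain names.
[Sysname-hwtacacs-hwtac] user-name-format without-domain

# Defaults are byte and one-packet. Whatever units are chosen here are the
# units in which the server receives flow data.
[Sysname-hwtacacs-hwtac] data-flow-format data kilo-byte
[Sysname-hwtacacs-hwtac] data-flow-format packet kilo-packet

# Fix the source address of outgoing HWTACACS messages instead of using
# the address of whichever outbound interface is selected.
[Sysname-hwtacacs-hwtac] nas-ip 192.0.2.10
[Sysname-hwtacacs-hwtac] quit
```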