Configuring hwtacacs parameters – H3C Technologies H3C SecPath F1000-E User Manual
Page 206
196
Configuration item
Description
Secondary Server TCP Port
Enter the TCP port of the secondary server.
Configure different TCP port numbers specific to the service types.
Shared Key
Select the box and type the shared key of the server in the field.
The HWTACACS client (the NAS) and HWTACACS server use the MD5
algorithm to encrypt packets exchanged between them and a shared key to
verify the packets. Only when the same key is used can they properly receive the
packets and make responses.
Confirm Shared Key
Enter the shared key for confirmation, which must be consistent with the shared
key.
Configuring HWTACACS parameters
1.
If the HWTACACS scheme system already exists, select User > HWTACACS > Parameter
Configuration from the navigation tree.
Figure 152 HWTACACS parameter configuration
2.
Configure HWTACACS parameters as described in
.
3.
Click Apply.
Table 54 Configuration items
Item Description
NAS-IP
Source IP address for the firewall to use in HWTACACS packets to be sent to the
HWTACACS server. Use a loopback interface address instead of a physical
interface address as the source IP address to make sure the response packets
from the server can reach the firewall when the physical interface is down.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS