3Com WX3000 User Manual

The TACACS client and server use the MD5 algorithm to encrypt HWTACACS messages before exchanging them. Each party verifies the validity of the HWTACACS messages it receives by using the shared key configured on it, and the two parties can accept and respond to each other's messages only when both have the same shared key.
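The following sketch is an added example, not text or code from the manual. It assumes HWTACACS protects the packet body the same way TACACS+ does (the MD5 pseudo-pad of RFC 8907, section 4.5) and shows why a reply is only usable when both sides hold the same shared key; the session values, keys and helper names are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 pad as defined for TACACS+ (assumed to apply to HWTACACS as well)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n chains MD5_(n-1)
        pad += block
    return pad[:length]

def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; calling it again with the same key reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_reply(status: int, server_msg: bytes, data: bytes = b"") -> bytes:
    """Authentication REPLY body: status, flags, two length fields, payload."""
    return struct.pack("!BBHH", status, 0, len(server_msg), len(data)) + server_msg + data

def reply_is_well_formed(body: bytes) -> bool:
    """Receiver-side check: the declared lengths must match the actual body size."""
    if len(body) < 6:
        return False
    _, _, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    return 6 + msg_len + data_len == len(body)

# Constructed sample values (not taken from the manual).
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC0, 2
SERVER_KEY = b"example-shared-key"
PLAIN = build_authen_reply(0x01, b"Login accepted")
WIRE = obfuscate(PLAIN, SESSION_ID, SERVER_KEY, VERSION, SEQ_NO)

def client_accepts(client_key: bytes) -> bool:
    """True if a client holding client_key recovers a well-formed reply."""
    return reply_is_well_formed(obfuscate(WIRE, SESSION_ID, client_key, VERSION, SEQ_NO))

if __name__ == "__main__":
    print("same key:     ", client_accepts(SERVER_KEY))
    print("different key:", client_accepts(b"another-key"))
```

RFC 8907 calls this mechanism obfuscation rather than encryption and recommends carrying TACACS+ traffic only over a secured management network.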
Follow these steps to configure shared keys for HWTACACS messages: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set a shared key for HWTACACS authentication, authorization or accounting messages | key { accounting \| authorization \| authentication } string | Required. By default, no such key is set. |
 
Configuring the Attributes of Data to be Sent to TACACS Servers 
Follow these steps to configure the attributes for data to be sent to TACACS servers: 
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create a HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set the format of the user names to be sent to TACACS server | user-name-format { with-domain \| without-domain } | Optional. By default, the user names sent from the device to TACACS server carry ISP domain names. |
| Set the units of data flows to TACACS servers | data-flow-format data { byte \| giga-byte \| kilo-byte \| mega-byte } | Optional. By default, in a TACACS scheme, the data unit and packet unit for outgoing HWTACACS flows are byte and one-packet respectively. |
| | data-flow-format packet { giga-packet \| kilo-packet \| mega-packet \| one-packet } | |
| Set the source IP address of outgoing HWTACACS messages | In HWTACACS scheme view: nas-ip ip-address | Optional. By default, no source IP address is set; the IP address of the corresponding outbound interface is used as the source IP address. |
| | In system view: hwtacacs nas-ip ip-address | |