3com S7906E 安装指导

 

1-38 

z 

It is recommended to specify only the primary HWTACACS accounting server if backup is not 

required.  

z 

If both the primary and secondary accounting servers are specified, the secondary one is used 

when the primary one is not reachable. 

z 

The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, 

the configuration fails.  

z 

You can remove an accounting server only when no active TCP connection for sending accounting 

packets is using it. 

z 

Currently, HWTACACS does not support keeping accounts on FTP users. 

 

When using an HWTACACS server as an AAA server, you can set a key to secure the communications 

between the device and the HWTACACS server. 

The HWTACACS client and HWTACACS server use the MD5 algorithm to encrypt packets exchanged 

between them and a shared key to verify the packets. Only when the same key is used can they 

properly receive the packets and make responses. 

Follow these steps to set the shared key for HWTACACS packets: 

Enter system view 

— 

Enter HWTACACS scheme 
view 

hwtacacs scheme 
hwtacacs-scheme-name 

— 

Set the shared keys for 
HWTACACS authentication, 
authorization, and accounting 
packets 

key { accounting | 
authentication | 
authorization } string 

Required 

No shared key exists by 
default. 

 

Follow these steps to configure the attributes related to the data sent to the HWTACACS server: 

Enter system view 

— 

Enter HWTACACS scheme view 

hwtacacs scheme 
hwtacacs-scheme-name 

— 

Specify the format of the 
username to be sent to an 
HWTACACS server 

user-name-format 
{ keep-original

 | 

with-domain | 
without-domain } 

Optional 

By default, the ISP domain 
name is included in the 
username.