R21xx-HP FlexFabric 11900 Security Command Reference
55
Usage guidelines
An HWTACACS scheme can be referenced by more than one ISP domain at the same time.
You can configure up to 16 HWTACACS schemes.
Examples
# Create an HWTACACS scheme named hwt1 and enter its view.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1]
Related commands
display hwtacacs scheme
key (HWTACACS scheme view)
Use key to set the shared key for secure HWTACACS authentication, authorization, or accounting
communication.
Use undo key to remove the configuration.
Syntax
key { accounting | authentication | authorization } { cipher | simple } string
undo key { accounting | authentication | authorization }
Default
No shared key is configured.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
accounting: Sets the shared key for secure HWTACACS accounting communication.
authentication: Sets the shared key for secure HWTACACS authentication communication.
authorization: Sets the shared key for secure HWTACACS authorization communication.
cipher: Sets a ciphertext shared key.
simple: Sets a plaintext shared key.
string: Specifies the shared key string. This argument is case sensitive. In non-FIPS mode, a ciphertext
password is a string of 1 to 373 characters and a plaintext password is a string of 1 to 255 characters.
In FIPS mode, a ciphertext password is a string of 15 to 373 characters and a plaintext password is a
string of 15 to 255 characters that must contain numbers, uppercase letters, lowercase letters, and
special characters.
Usage guidelines
The shared keys configured on the device must match those configured on the HWTACACS servers.
For security purpose, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.