R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference
105
Parameters
accounting: Sets the shared key for secure HWTACACS accounting communication.
authentication: Sets the shared key for secure HWTACACS authentication communication.
authorization: Sets the shared key for secure HWTACACS authorization communication.
cipher: Sets a ciphertext shared key.
simple: Sets a plaintext shared key.
key: Specifies the shared key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 255 characters. If cipher is specified, it must be a ciphertext string of 1 to 373 characters.
If neither cipher nor simple is specified, you set a plaintext shared key string. In FIPS mode, the shared
key must be a string of at least 8 characters that contain numbers, uppercase letters, lowercase letters,
and special characters.
Usage guidelines
The shared keys configured on the device must match those configured on the HWTACACS servers.
For secrecy, all shared keys, including keys configured in plain text, are saved in cipher text.
In FIPS mode, the shared key is encrypted and decrypted by using 3DES.
Examples
# Set the shared key for secure HWTACACS accounting communication to hello in plain text for
HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key accounting simple hello
# Set the shared key for secure HWTACACS accounting communication to hello in plain text for
HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key accounting hello
# Set the shared key for secure HWTACACS accounting communication to
$c$3$jaeN0ej15fjuHKeuVh8mqicHzaHdMw== in cipher text for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] key accounting cipher $c$3$jaeN0ej15fjuHKeuVh8mqicHzaHdMw==
Related commands
display hwtacacs
nas-ip (HWTACACS scheme view)
Use nas-ip to specify a source IP address for outgoing HWTACACS packets.
Use undo nas-ip to restore the default.
Syntax
nas-ip ip-address
undo nas-ip