3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

511

512

513

514

515

516

517

518

519

520

HWTACACS Configuration 513

by using the shared keys that have been set on them, and can accept and respond

to the packets sent from each other only if both of them have the same shared

keys.

Configuring the

Attributes for Data to be

Sent to TACACS Servers

CAUTION: Generally, the access users are named in the userid@isp-name format.

Where, isp-name behind the @ character represents the ISP domain name. If the

TACACS server does not accept the user name carrying isp domain name, it is

necessary to remove the domain name from the user names before they are sent

to the TACACS server.

Table 397 Configure shared keys for TACACS packets

Operation Command Description

Enter system view system-view -

Create a HWTACACS scheme

and enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required

By default, no HWTACACS

scheme exists.

Set a shared key for the

HWTACACS

accounting/authentication/aut

horization packets

key { accounting |

authorization |

authentication } string

Required

By default, the TACACS server

does not have a key.

Table 398 Configure the attributes for data to be sent to TACACS servers

Operation Command Description

Enter system view system-view -

Create a HWTACACS scheme

and enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required

By default, no HWTACACS

scheme exists.

Set the format of the user

names to be sent to TACACS

servers

user-name-format {

with-domain |

without-domain }

Optional

By default, the user names

sent from the switch to

TACACS servers carry ISP

domain names.

Set the units of measure for

data flows sent to TACACS

servers

data-flow-format data {

byte | giga-byte | kilo-byte |

mega-byte }

Optional

By default, in a TACACS

scheme, the unit of measure

for data is byte and that for

packets is one-packet.

data-flow-format packet {

giga-packet | kilo-packet |

mega-packet | one-packet }

Set the source IP address used

by the switch to send

HWTACACS packets

HWTACACS view

nas-ip ip-address

Optional

By default, no source IP

address is specified; the IP

address of the outbound

interface is used as the source

IP address.

System view

hwtacacs nas-ip ip-address