3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 4: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION
By default, a local RADIUS authentication server with the NAS-IP as 127.0.0.1 and
key as 3com is created.
Note:
When the local RADIUS authentication server function is enabled, the UDP port number for the authentication/authorization services must be 1645 and that for the accounting service must be 1646.
The packet key password configured here must be the same as the authentication/authorization packet key password configured in the key authentication command in RADIUS view.
The device supports at most 16 local RADIUS authentication servers, including the default ones created by the system.
Configuring HWTACACS Protocol
The configuration tasks of HWTACACS include:
Create a HWTACACS scheme
Configure TACACS authentication servers
Configure TACACS authorization servers
Configure TACACS accounting servers
Configure a key for securing the communication with a TACACS server
Set the username format acceptable to a TACACS server
Set the unit of data flows destined for a TACACS server
Configure the source address to be carried by the HWTACACS packets sent by the NAS
Set timers regarding TACACS server
Note:
In contrast to the RADIUS server settings, note the following points when configuring a TACACS server:
The system does not check whether users are using the current HWTACACS scheme when you change most of its attributes, except when you delete the scheme.
By default, the TACACS server has no key.
Among these configuration tasks, creating a HWTACACS scheme and configuring the TACACS authentication/authorization servers are mandatory, while the others are optional.
Creating a HWTACACS scheme
As mentioned above, the HWTACACS protocol is configured scheme by scheme.
Therefore, you must create a HWTACACS scheme and enter HWTACACS view
before you perform other configuration tasks.
Perform the following configuration in system view.
Table 42 Create a HWTACACS scheme
Operation                                            Command
Create a HWTACACS scheme and enter HWTACACS view.    hwtacacs scheme hwtacacs-scheme-name
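The two defaults noted in this chapter (a local RADIUS server created with key 3com, and a TACACS server with no key) can be checked for in a saved configuration. The script below is an added example, not part of the 3Com guide; the "local-server nas-ip ... key ..." and "primary authentication ..." line formats, the one-space indentation of scheme blocks and all sample values are assumptions.

```python
import re

# Constructed sample of a saved configuration (not taken from the guide).
# Assumed format: scheme sub-commands are indented under their scheme line.
SAMPLE_CONFIG = """\
local-server nas-ip 127.0.0.1 key 3com
local-server nas-ip 10.0.0.5 key Xq7-pL2m
hwtacacs scheme admin-tac
 primary authentication 192.0.2.10
 key authentication S3cr3t-tac
hwtacacs scheme branch-tac
 primary authentication 192.0.2.20
radius scheme corp
 key authentication 3com
"""

DEFAULT_KEY = "3com"  # default local RADIUS server key stated in the guide


def audit(config: str) -> list[str]:
    """Return findings for default RADIUS keys and key-less HWTACACS schemes."""
    findings = []
    scheme = None      # (kind, name) of the scheme block currently being read
    has_key = False    # whether that block contained a 'key authentication' line

    def close_scheme():
        # A HWTACACS scheme that ends without a key keeps the 'no key' default.
        if scheme and scheme[0] == "hwtacacs" and not has_key:
            findings.append(f"hwtacacs scheme {scheme[1]}: no key configured")

    for line in config.splitlines():
        text = line.strip()
        if not line[:1].isspace():          # top-level line ends any open block
            close_scheme()
            scheme, has_key = None, False
            m = re.match(r"(hwtacacs|radius) scheme (\S+)$", text)
            if m:
                scheme = (m.group(1), m.group(2))
                continue
            m = re.match(r"local-server nas-ip (\S+) key (\S+)$", text)
            if m and m.group(2) == DEFAULT_KEY:
                findings.append(f"local-server {m.group(1)}: default key")
        elif scheme:
            m = re.match(r"key authentication (\S+)$", text)
            if m:
                has_key = True
                if m.group(1) == DEFAULT_KEY:
                    findings.append(f"{scheme[0]} scheme {scheme[1]}: default key")
    close_scheme()
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the default local-server key, the HWTACACS scheme that has no key, and the RADIUS scheme that reuses the default key.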