3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

Configuring HWTACACS Protocol 49

Configuring Source

Address for HWTACACS

Packets Sent by NAS

Perform the following configuration.

By default, no source address is specified and the source address to be carried in a

packet is the address of the interface where the packet is sent.

Setting a Key for

Securing the

Communication with

TACACS Server

When using a TACACS server as an AAA server, you can set a key to improve the

communication security between the security gateway and the TACACS server.

Perform the following configuration in HWTACACS view.

No key is configured by default.

Setting the Username

Format Acceptable to

the TACACS Server

Username is usually in the "userid@isp-name" format, with the domain name

following "@".

If a TACACS server does not accept the username with domain name, you can

remove the domain name and resend it to the TACACS server.

Perform the following configuration in HWTACACS view.

By default, each username sent to a TACACS server contains a domain name.

Setting the Unit of Data

Flows Destined for the

TACACS Server

Perform the following configuration in HWTACACS view.

Tab le 47 Configure the source address to be carried in HWTACACS packets sent by the

NAS

Operation Command

Configure the source address to be carried in HWTACACS

packets sent by the NAS(HWTACACS view).

nas-ip ip-address

Delete the configured source address to be carried in the

HWTACACS packets sent by the NAS (HWTACACS view).

undo nas-ip

Configure the source address to be carried in the hwtacacs

packets sent by the NAS(System view).

hwtacacs nas-ip ip-address

Cancel the configured source address to be carried in the

hwtacacs packets sent by the NAS(System view).

undo hwtacacs nas-ip

Tab le 48 Set a key for securing the communication with the TACACS server

Operation Command

Configure a key for securing the

communication with the TACACS

accounting, authorization or authentication

server.

key { accounting | authorization |

authentication } string

Delete the configuration.

undo key { accounting | authorization |

authentication }

Tab le 49 Set the username format acceptable to the TACACS server

Operation Command

Send username with domain name. user-name-format with-domain

Send username without domain name. user-name-format without-domain