HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 44
Specifying the shared keys for secure HWTACACS communication
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 44 highlights
When the switch receives a connection teardown request from a host or a connection teardown command from an administrator, it sends a stop-accounting request to the accounting server. You can enable buffering of non-responded stop-accounting requests to allow the switch to buffer and resend a stop-accounting request until it receives a response or the number of stop-accounting attempts reaches the configured limit. In the latter case, the switch discards the packet. Follow these guidelines when you specify HWTACACS accounting servers: • An HWTACACS server can function as the primary accounting server of one scheme and as the secondary accounting server of another scheme at the same time. • The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the configuration fails. • You can remove an accounting server only when no active TCP connection for sending accounting packets is using it. • HWTACACS does not support accounting for FTP users. To specify HWTACACS accounting servers and set relevant parameters for an HWTACACS scheme: Step 1. Enter system view. 2. Enter HWTACACS scheme view. 3. Specify HWTACACS accounting servers. 4. Enable buffering of stop-accounting requests to which no responses are received. 5. Set the maximum number of stop-accounting attempts. Command system-view hwtacacs scheme hwtacacs-scheme-name • Specify the primary HWTACACS accounting server: primary accounting ip-address [ port-number | vpn-instance vpn-instance-name ] * • Specify the secondary HWTACACS accounting server: secondary accounting ip-address [ port-number | vpn-instance vpn-instance-name ] * Remarks N/A N/A Configure at least one command. No accounting server is specified by default. stop-accounting-buffer enable Optional. Enabled by default. retry stop-accounting retry-times Optional. The default setting is 100. Specifying the shared keys for secure HWTACACS communication The HWTACACS client and HWTACACS server use the MD5 algorithm to authenticate packets exchanged between them and use shared keys for packet authentication and user passwords encryption. They must use the same key for the same type of communication. To specify a shared key for secure HWTACACS communication: Step 1. Enter system view. 2. Enter HWTACACS scheme view. Command system-view hwtacacs scheme hwtacacs-scheme-name Remarks N/A N/A 34