HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 45
Specifying the VPN to which the servers belong
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 45 highlights
Step 3. Specify a shared key for secure HWTACACS authentication, authorization, or accounting communication. Command key { accounting | authentication | authorization } [ cipher | simple ] key Remarks No shared key is specified by default. NOTE: A shared key configured on the switch must be the same as that configured on the HWTACACS server. Specifying the VPN to which the servers belong After you specify a VPN for an HWTACACS scheme, all the authentication, authorization, and accounting servers specified for the scheme belong to the VPN. However, if you also specify a VPN when specifying a server for the scheme, the server belongs to the specific VPN. To specify a VPN for an HWTACACS scheme: Step 1. Enter system view. 2. Enter HWTACACS scheme view. 3. Specify a VPN for the HWTACACS scheme. Command system-view hwtacacs scheme hwtacacs-scheme-name vpn-instance vpn-instance-name Setting the username format and traffic statistics units A username is usually in the format of userid@isp-name, where isp-name represents the name of the ISP domain the user belongs to and is used by the switch to determine which users belong to which ISP domains. However, some HWTACACS servers cannot recognize usernames that contain an ISP domain name. In this case, the switch must remove the domain name of each username before sending the username. You can set the username format on the switch for this purpose. The switch periodically sends accounting updates to HWTACACS accounting servers to report the traffic statistics of online users. For normal and accurate traffic statistics, make sure the unit for data flows and that for packets on the switch are consistent with those configured on the HWTACACS servers. Follow these guidelines when you set the username format and the traffic statistics units for an HWTACACS scheme: • If an HWTACACS server does not support a username that carries the domain name, configure the switch to remove the domain name before sending the username to the server. • For level switching authentication, the user-name-format keep-original and user-name-format without-domain commands produce the same results. They make sure usernames sent to the HWTACACS server carry no ISP domain name. To set the username format and the traffic statistics units for an HWTACACS scheme: Step 1. Enter system view. 2. Enter HWTACACS scheme view. Command system-view hwtacacs scheme hwtacacs-scheme-name Remarks N/A N/A 35