HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 42
Specifying the shared keys for secure HWTACACS communication, Specifying a VPN for the scheme
Step 3. Specify HWTACACS accounting servers.

Command:
• Specify the primary HWTACACS accounting server:
  primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | vpn-instance vpn-instance-name ] *
• Specify a secondary HWTACACS accounting server:
  secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | vpn-instance vpn-instance-name ] *

Remarks: Configure at least one command. By default, no accounting server is specified. Two HWTACACS accounting servers in a scheme, primary or secondary, cannot have the same combination of IP address, port number, and VPN.

Specifying the shared keys for secure HWTACACS communication

The HWTACACS client and server use the MD5 algorithm and shared keys to generate the Authenticator value for packet authentication and user password encryption. They must use the same key for each type of communication.

To specify a shared key for secure HWTACACS communication:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter HWTACACS scheme view.
  Command: hwtacacs scheme hwtacacs-scheme-name
  Remarks: N/A

Step 3. Specify a shared key for secure HWTACACS authentication, authorization, or accounting communication.
  Command: key { accounting | authentication | authorization } { cipher | simple } string
  Remarks: By default, no shared key is specified. The shared key configured on the device must be the same as that configured on the HWTACACS server.

Specifying a VPN for the scheme

The VPN specified for an HWTACACS scheme applies to all servers in that scheme. If a VPN is also configured for an individual HWTACACS server, the VPN specified for the HWTACACS scheme does not take effect on that server.

To specify a VPN for an HWTACACS scheme:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter HWTACACS scheme view.
  Command: hwtacacs scheme hwtacacs-scheme-name
  Remarks: N/A

Step 3. Specify a VPN for the HWTACACS scheme.
  Command: vpn-instance vpn-instance-name
  Remarks: By default, an HWTACACS scheme belongs to the public network.
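
The shared-key requirement in the section on HWTACACS shared keys, as an added Python example that is not part of the HP guide: it assumes HWTACACS obfuscates packet bodies the way TACACS+ does in RFC 8907 (an MD5-derived pad keyed by the shared key), which this page does not spell out, and reports per service type whether a peer can read what the device sent. The key strings, session ID and body are constructed sample values.

```python
import hashlib
import struct

SERVICES = ("authentication", "authorization", "accounting")

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 pad as in RFC 8907 sec. 4.5 (assumed to match HWTACACS)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # Each block chains the previous MD5 output onto the same seed.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def key_agreement(device_keys, server_keys, session_id=0x1A2B3C4D):
    """Per service type, report whether the server can read the device's body."""
    body = b"constructed sample body, longer than one MD5 block"
    result = {}
    for svc in SERVICES:
        sent = obfuscate(body, session_id, device_keys[svc])
        result[svc] = obfuscate(sent, session_id, server_keys[svc]) == body
    return result

# Constructed keys: the accounting key differs between device and server.
DEVICE_KEYS = {"authentication": b"authKey-1", "authorization": b"authzKey-1",
               "accounting": b"acctKey-1"}
SERVER_KEYS = {"authentication": b"authKey-1", "authorization": b"authzKey-1",
               "accounting": b"acctKey-OLD"}

if __name__ == "__main__":
    for svc, ok in key_agreement(DEVICE_KEYS, SERVER_KEYS).items():
        print(f"{svc:15s} {'keys match' if ok else 'KEY MISMATCH'}")
```

Because each service type has its own key, a stale key on one of them breaks only that exchange, so a scheme can authenticate users correctly while accounting records are silently rejected.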