3Com 5500-SI Switch User Manual


 
CHAPTER 33: HWTACACS CONFIGURATION

Configuring Source Address for HWTACACS Packets Sent by NAS

Perform the following configuration in the corresponding view.

Table 676 Configuring source address for HWTACACS packets sent by the NAS

Operation                                                                                     Command
Configure the source address for HWTACACS packets sent from the NAS (HWTACACS view).          nas-ip ip-address
Delete the configured source address for HWTACACS packets sent from the NAS (HWTACACS view).  undo nas-ip
Configure the source address for HWTACACS packets sent from the NAS (System view).            hwtacacs nas-ip ip-address
Cancel the configured source address for HWTACACS packets sent from the NAS (System view).    undo hwtacacs nas-ip

The HWTACACS view takes precedence over the system view when configuring the source address for HWTACACS packets sent from the NAS.

By default, the source address is not specified, and the address of the interface that sends the packet is used as the source address.

Setting a Key for Securing the Communication with TACACS Server

When using a TACACS server as an AAA server, you can set a key to improve the communication security between the switch and the TACACS server.

Perform the following configuration in HWTACACS view.

Table 677 Setting a key for securing the communication with the HWTACACS server

Operation                                                                                                   Command
Configure a key for securing the communication with the accounting, authorization or authentication server  key { accounting | authorization | authentication } string
Delete the configuration                                                                                    undo key { accounting | authorization | authentication }

No key is configured by default.

Setting the Username Format Acceptable to the TACACS Server

A username is usually in the “userid@isp-name” format, with the domain name following “@”.

If a TACACS server does not accept the username with domain name, you can remove the domain name and resend it to the TACACS server.

Perform the following configuration in HWTACACS view.

Table 678 Setting the username format acceptable to the TACACS server

Operation                           Command
Send username with domain name.     user-name-format with-domain
Send username without domain name.  user-name-format without-domain

By default, each username sent to a TACACS server contains a domain name.
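
An added example, not part of the 3Com manual: a short Python audit that reads a saved configuration and reports, for each HWTACACS scheme, the effective source address (HWTACACS view over system view, otherwise the sending interface), which of the three server keys are still unset, and the username format. The "hwtacacs scheme <name>" block header, the scheme names, the addresses and the key strings in the sample are assumptions constructed for illustration.

```python
# Constructed sample in the layout of a saved switch configuration.
# Assumption: a scheme block opens with "hwtacacs scheme <name>" and its
# commands are indented beneath it; that header is not shown on this page.
SAMPLE_CONFIG = """\
hwtacacs nas-ip 10.0.0.1
hwtacacs scheme corp
 nas-ip 10.0.0.2
 key authentication EXAMPLE-SECRET-1
 key authorization EXAMPLE-SECRET-2
 user-name-format without-domain
hwtacacs scheme lab
 key authentication EXAMPLE-SECRET-3
 key authorization EXAMPLE-SECRET-3
 key accounting EXAMPLE-SECRET-3
"""

SERVER_TYPES = ("accounting", "authorization", "authentication")

def parse_config(text):
    """Return (system-view nas-ip or None, {scheme name: settings})."""
    global_nas_ip, schemes, current = None, {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():              # top-level (system view) command
            current = None
            if words[:2] == ["hwtacacs", "scheme"] and len(words) == 3:
                current = schemes.setdefault(
                    words[2], {"nas_ip": None, "keys": set(), "with_domain": True})
            elif words[:2] == ["hwtacacs", "nas-ip"] and len(words) == 3:
                global_nas_ip = words[2]
        elif current is not None:              # command inside a scheme block
            if words[0] == "nas-ip" and len(words) == 2:
                current["nas_ip"] = words[1]
            elif words[0] == "key" and len(words) >= 3 and words[1] in SERVER_TYPES:
                current["keys"].add(words[1])  # record the type only, never the secret
            elif words[0] == "user-name-format" and len(words) == 2:
                current["with_domain"] = words[1] == "with-domain"
    return global_nas_ip, schemes

def audit(text):
    """Apply the defaults and precedence rules described in this section."""
    global_nas_ip, schemes = parse_config(text)
    return {name: {
        # HWTACACS view wins over system view; with neither, the sending interface is used.
        "source": s["nas_ip"] or global_nas_ip or "outgoing-interface",
        "missing_keys": sorted(set(SERVER_TYPES) - s["keys"]),  # no key by default
        "with_domain": s["with_domain"],                        # domain sent by default
    } for name, s in schemes.items()}
```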