CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configuration of Security features, including AAA, DAA, NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense, Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, and security risks.
Configuring an HWTACACS Server Template

Context

In an HWTACACS server template, you must specify the IP address, port number, and shared key of a specified HWTACACS server. Other settings such as the HWTACACS user name format and traffic unit have default values and can be changed based on network requirements.

The HWTACACS server template settings such as the HWTACACS user name format and shared key must be the same as those on the HWTACACS server.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    hwtacacs enable

    HWTACACS is enabled.

    By default, HWTACACS is enabled.

  3. Run:

    hwtacacs-server template template-name

    An HWTACACS server template is created and the HWTACACS server template view is displayed.

  4. Run:

    hwtacacs-server authentication ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ weight weight-value ]

    or

    hwtacacs-server authentication ipv6-address [ port ] [ public-net ] [ weight weight-value ]

    The HWTACACS authentication server is configured.

    By default, no HWTACACS authentication server is configured.

  5. Run:

    hwtacacs-server authorization ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ weight weight-value ]

    or

    hwtacacs-server authorization ipv6-address [ port ] [ public-net ] [ weight weight-value ]

    The HWTACACS authorization server is configured.

    By default, no HWTACACS authorization server is configured.

  6. Run:

    hwtacacs-server accounting ip-address [ port ] [ public-net | vpn-instance vpn-instance-name ] [ weight weight-value ]

    or

    hwtacacs-server accounting ipv6-address [ port ] [ public-net ] [ weight weight-value ]

    The HWTACACS accounting server is configured.

    By default, no HWTACACS accounting server is configured.

  7. (Optional) Run:

    hwtacacs-server user-name domain-included

    or

    hwtacacs-server user-name original

    The HWTACACS user name format is configured.

    By default, the device does not modify the user name entered by the user in the packets sent to the HWTACACS server.

  8. (Optional) Run:

    hwtacacs-server source-ip ip-address

    or

    hwtacacs-server source-ipv6 ipv6-address

    The HWTACACS source IP address or source IPv6 address is set.

    By default, no source IP address encapsulated in HWTACACS packets is configured. The device uses the IP address of the actual outbound interface as the source IP address in HWTACACS packets.

    After you set the source IP address of HWTACACS packets on the device, this IP address is used by the device to communicate with the HWTACACS server. The HWTACACS server also uses a specified IP address to communicate with the device.

  9. (Optional) Run:

    hwtacacs-server shared-key cipher key-string

    The HWTACACS shared key is configured.

    By default, no HWTACACS shared key is configured.

  10. (Optional) Run:

    hwtacacs-server traffic-unit { byte | kbyte | mbyte | gbyte }

    The HWTACACS traffic unit is set.

    The default HWTACACS traffic unit is byte on the device.

  11. (Optional) Run:

    hwtacacs-server timer response-timeout interval

    The response timeout interval for the HWTACACS server is set.

    By default, the response timeout interval for an HWTACACS server is 5 seconds.

    If the device does not receive a response from the HWTACACS server within the timeout period, it considers the HWTACACS server faulty and uses other authentication and authorization methods.

  12. (Optional) Run:

    hwtacacs-server timer quiet interval

    The interval for the HWTACACS server to return to the active state is set.

    By default, the interval for the HWTACACS server to return to the active state is 5 minutes.

  13. Run:

    quit

    The system view is displayed.

  14. (Optional) Run:

    hwtacacs-server accounting-stop-packet resend { disable | enable number }

    Retransmission of accounting-stop packets is configured.

    By default, the retransmission function is enabled and the number of retransmission times is 100.

  15. Run:

    return

    The user view is displayed.

  16. (Optional) Run:

    hwtacacs-user change-password hwtacacs-server template-name

    The password saved on the HWTACACS server is changed.

    To ensure device security, change the password regularly.
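
The whole procedure as one session, showing which view each command is entered in. This is an added example, not part of the original guide. It assumes the default device name `Huawei`, a template named `example`, documentation addresses from 192.0.2.0/24, the standard TACACS+ port 49, and `SHARED-KEY-PLACEHOLDER` standing in for the real key. The timers and resend count are set to the defaults stated above.

```text
<Huawei> system-view
[Huawei] hwtacacs enable
[Huawei] hwtacacs-server template example
[Huawei-hwtacacs-example] hwtacacs-server authentication 192.0.2.10 49
[Huawei-hwtacacs-example] hwtacacs-server authorization 192.0.2.10 49
[Huawei-hwtacacs-example] hwtacacs-server accounting 192.0.2.10 49
[Huawei-hwtacacs-example] hwtacacs-server user-name domain-included
[Huawei-hwtacacs-example] hwtacacs-server source-ip 192.0.2.1
[Huawei-hwtacacs-example] hwtacacs-server shared-key cipher SHARED-KEY-PLACEHOLDER
[Huawei-hwtacacs-example] hwtacacs-server traffic-unit byte
[Huawei-hwtacacs-example] hwtacacs-server timer response-timeout 5
[Huawei-hwtacacs-example] hwtacacs-server timer quiet 5
[Huawei-hwtacacs-example] quit
[Huawei] hwtacacs-server accounting-stop-packet resend enable 100
[Huawei] return
<Huawei> hwtacacs-user change-password hwtacacs-server example
```

The shared key and user name format entered here must match what is configured on the HWTACACS server, and the address given to `source-ip` must be the one the server expects this device to use.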

Updated: 2019-05-25

Document ID: EDOC1000097287
