
Creating and Configuring an HWTACACS Server Template

This section provides a sample of creating and configuring an HWTACACS server template using the create method.

Table 1 Creating and configuring an HWTACACS server template

| Operation | XPATH |
|---|---|
| edit-config:create | /huawei-aaa-hwtacacs:hwtacacs/hwtacacs-server |

Data Requirements

| Item | Data | Description |
|---|---|---|
| Name of an HWTACACS server template | test | Create an HWTACACS server template named test. |
| Name of the vsys | public | Configure the name of vsys to public. |
| Primary HWTACACS authentication, authorization, and accounting servers | IP address: 10.1.1.1 | Set the IP address of primary HWTACACS authentication, authorization, and accounting servers to 10.1.1.1. |
| Primary HWTACACS authentication, authorization, and accounting servers | Port number: 1000 | Set the port number of primary HWTACACS authentication, authorization, and accounting servers to 1000. |
| Secondary HWTACACS authentication, authorization, and accounting servers | IP address: 10.2.2.2 | Set the IP address of secondary HWTACACS authentication, authorization, and accounting servers to 10.2.2.2. |
| Secondary HWTACACS authentication, authorization, and accounting servers | Port number: 1001 | Set the port number of secondary HWTACACS authentication, authorization, and accounting servers to 1001. |
| Secondary HWTACACS authentication, authorization, and accounting servers | VPN instance to which servers belong: vpn1 | Set the VPN instance to which secondary HWTACACS authentication, authorization, and accounting servers belong to vpn1. |
| Source IP address of the switch to communicate with HWTACACS server | 192.168.10.1 | Set the source IP address for communication between the switch and HWTACACS servers to 192.168.10.1. |
| Shared key of the switch and HWTACACS server | Huawei@123 | Set the shared key of the HWTACACS servers to Huawei@123. |
| Whether the packets sent to the HWTACACS server contain domain name | false | Configure that the packets sent to the HWTACACS servers do not contain domain name. |

Request Example

<?xml version='1.0' encoding='UTF-8'?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <hw-aaa-hwtacacs:hwtacacs xmlns:hw-aaa-hwtacacs="urn:huawei:params:xml:ns:yang:huawei-aaa-hwtacacs">
        <hw-aaa-hwtacacs:hwtacacs-server xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" xc:operation="create">
          <hw-aaa-hwtacacs:name>test</hw-aaa-hwtacacs:name>
          <hw-aaa-hwtacacs:vsys>public</hw-aaa-hwtacacs:vsys>
          <hw-aaa-hwtacacs:primary-authentication-server>
            <hw-aaa-hwtacacs:server-ip-address>10.1.1.1</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1000</hw-aaa-hwtacacs:port>
          </hw-aaa-hwtacacs:primary-authentication-server>
          <hw-aaa-hwtacacs:secondary-authentication-server>
            <hw-aaa-hwtacacs:server-ip-address>10.2.2.2</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1001</hw-aaa-hwtacacs:port>
            <hw-aaa-hwtacacs:vpn-instance>vpn1</hw-aaa-hwtacacs:vpn-instance>
          </hw-aaa-hwtacacs:secondary-authentication-server>
          <hw-aaa-hwtacacs:primary-authorization-server>
            <hw-aaa-hwtacacs:server-ip-address>10.1.1.1</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1000</hw-aaa-hwtacacs:port>
          </hw-aaa-hwtacacs:primary-authorization-server>
          <hw-aaa-hwtacacs:secondary-authorization-server>
            <hw-aaa-hwtacacs:server-ip-address>10.2.2.2</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1001</hw-aaa-hwtacacs:port>
            <hw-aaa-hwtacacs:vpn-instance>vpn1</hw-aaa-hwtacacs:vpn-instance>
          </hw-aaa-hwtacacs:secondary-authorization-server>
          <hw-aaa-hwtacacs:primary-accounting-server>
            <hw-aaa-hwtacacs:server-ip-address>10.1.1.1</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1000</hw-aaa-hwtacacs:port>
          </hw-aaa-hwtacacs:primary-accounting-server>
          <hw-aaa-hwtacacs:secondary-accounting-server>
            <hw-aaa-hwtacacs:server-ip-address>10.2.2.2</hw-aaa-hwtacacs:server-ip-address>
            <hw-aaa-hwtacacs:port>1001</hw-aaa-hwtacacs:port>
            <hw-aaa-hwtacacs:vpn-instance>vpn1</hw-aaa-hwtacacs:vpn-instance>
          </hw-aaa-hwtacacs:secondary-accounting-server>
          <hw-aaa-hwtacacs:ip-address>192.168.10.1</hw-aaa-hwtacacs:ip-address>
          <hw-aaa-hwtacacs:shared-key>Huawei@123</hw-aaa-hwtacacs:shared-key>
          <hw-aaa-hwtacacs:options>
            <hw-aaa-hwtacacs:user-name>
              <hw-aaa-hwtacacs:domain-include>false</hw-aaa-hwtacacs:domain-include>
            </hw-aaa-hwtacacs:user-name>
          </hw-aaa-hwtacacs:options>
        </hw-aaa-hwtacacs:hwtacacs-server>
      </hw-aaa-hwtacacs:hwtacacs>
    </config>
  </edit-config>
</rpc>

Response Example

# Sample of successful response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <ok/>
</rpc-reply>
# Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-app-tag>-1</error-app-tag>
    <error-message> The VPN instance does not exist.</error-message>
    <error-info>Error on node /huawei-aaa-hwtacacs:hwtacacs/hwtacacs-server[name="test",vsys="public"]/primary-accounting-server</error-info>
  </rpc-error>
</rpc-reply>
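
The request and response above carry the shared key in clear text inside the payload, and a failed create is only visible as an `<rpc-error>` in the reply. The following is an added example, not Huawei's code: it builds the `<hwtacacs>` subtree that goes inside `<config>`, refuses the sample key `Huawei@123` printed on this page, masks the key before the payload is logged, and turns an `<rpc-reply>` into a list of errors. The function names and the dict layout used for the servers are assumptions made for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
HW = "urn:huawei:params:xml:ns:yang:huawei-aaa-hwtacacs"
ET.register_namespace("xc", NC)
ET.register_namespace("hw-aaa-hwtacacs", HW)

def _leaf(parent, tag, text):
    ET.SubElement(parent, f"{{{HW}}}{tag}").text = str(text)

def build_config(name, vsys, source_ip, shared_key, primary, secondary):
    """Build <hwtacacs>; primary/secondary are dicts: ip, port, optional vpn."""
    if shared_key in ("", "Huawei@123"):  # empty, or the sample key printed in the doc
        raise ValueError("refusing empty or documentation-sample shared key")
    ipaddress.ip_address(source_ip)  # ValueError on a malformed address
    root = ET.Element(f"{{{HW}}}hwtacacs")
    srv = ET.SubElement(root, f"{{{HW}}}hwtacacs-server", {f"{{{NC}}}operation": "create"})
    _leaf(srv, "name", name)
    _leaf(srv, "vsys", vsys)
    for role in ("authentication", "authorization", "accounting"):
        for rank, s in (("primary", primary), ("secondary", secondary)):
            ipaddress.ip_address(s["ip"])
            if not 1 <= int(s["port"]) <= 65535:
                raise ValueError(f"bad port for {rank} {role} server")
            node = ET.SubElement(srv, f"{{{HW}}}{rank}-{role}-server")
            _leaf(node, "server-ip-address", s["ip"])
            _leaf(node, "port", s["port"])
            if s.get("vpn"):
                _leaf(node, "vpn-instance", s["vpn"])
    _leaf(srv, "ip-address", source_ip)
    _leaf(srv, "shared-key", shared_key)
    user = ET.SubElement(ET.SubElement(srv, f"{{{HW}}}options"), f"{{{HW}}}user-name")
    _leaf(user, "domain-include", "false")
    return root

def redacted(elem):
    """Serialise for logging with the shared key masked; elem is not modified."""
    copy = ET.fromstring(ET.tostring(elem))
    for key in copy.iter(f"{{{HW}}}shared-key"):
        key.text = "********"
    return ET.tostring(copy, encoding="unicode")

def reply_errors(reply_xml):
    """Return [] for <ok/>, else one {tag: text} dict per <rpc-error>."""
    root = ET.fromstring(reply_xml)
    errs = [{c.tag.split("}")[-1]: (c.text or "").strip() for c in e}
            for e in root.iter(f"{{{NC}}}rpc-error")]
    if not errs and root.find(f"{{{NC}}}ok") is None:
        raise ValueError("reply has neither <ok/> nor <rpc-error>")
    return errs
```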
Copyright © Huawei Technologies Co., Ltd.