HWTACACS

Context

HWTACACS prevents unauthorized users from attacking a network and supports command-line authorization. Compared with RADIUS, HWTACACS is more reliable in transmission and encryption, and is more suitable for security control.

Procedure

Enable or disable HWTACACS.
1. Choose Configuration > Security Services > AAA and click the HWTACACS tab, as shown in Figure 1.
  Figure 1 HWTACACS configuration
2. Set the HWTACACS function status to ON or OFF.
3. Click Apply. In the dialog box that is displayed, click OK.

Configure an HWTACACS server profile.

Create an HWTACACS server profile.

Choose Configuration > Security Services > AAA and click the HWTACACS tab.

Click Create in HWTACACS Server Profile to open the Create HWTACACS server profile page, as shown in Figure 2.

Figure 2 Create HWTACACS server profile page

Table 1 describes the parameters on the page.

**Table 1** Parameters for creating an HWTACACS server profile
Parameter	Description
Profile name	Name of an HWTACACS server profile.
Key	Shared key for the HWTACACS server.
User name	User name format in packets sent from the device to the HWTACACS server. Original user name: The device does not modify the user name entered by the user in the packets sent to the HWTACACS server. With domain name: The device encapsulates the domain name in the user name when sending RADIUS packets to the HWTACACS server. Without domain name: The device does not encapsulate the domain name in the user name when sending RADIUS packets to the HWTACACS server.
Source address of outgoing packets	Source IP address used by a device to communicate with an HWTACACS server.

Set parameters for the HWTACACS server.
Click OK.

Modify an HWTACACS server profile.
1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
2. Select an HWTACACS server profile in HWTACACS Server Profile to open the HWTACACS server profile modification page.
3. Modify parameters for the HWTACACS server. Table 1 describes the parameters for modifying an HWTACACS server profile.
4. Click OK.

Configure an Authentication/Authorization/Accounting server.

Create an Authentication/Accounting server.

Choose Configuration > Security Services > AAA and click the HWTACACS tab.

Click Create in Authentication/Authorization/Accounting Server to open the Create Authentication/Authorization/Accounting Server page, as shown in Figure 3.

Figure 3 Create Authentication/Authorization/Accounting Server page
click to enlarge

Table 2 describes the parameters on the page.

**Table 2** Parameters for creating an Authentication/Authorization/Accounting server
Parameter	Description
Profile name	Name of an HWTACACS server profile.
Server type	Server type, which can be an authentication, authorization, or accounting server.
Primary Server Configuration
Primary server IPv4 address	IPv4 address of the primary server.
Primary server IPv4 port number	IPv4 port number of the primary server.
IPV4 VPN instance name	IPV4 VPN instance of the primary server. Click , create and select a VPN instance.
Primary server IPv6 address	IPv6 address of the primary server.
Primary server IPv6 port number	IPv6 port number of the primary server.
IPV6 VPN instance name	IPV6 VPN instance of the primary server. Click , create and select a VPN instance.
Secondary Server Configuration
Secondary server IPv4 address	IPv4 address of the secondary server.
Secondary server IPv4 port number	IPv4 port number of the secondary server.
IPV4 VPN instance name	IPV4 VPN instance of the secondary server. Click , create and select a VPN instance.
Secondary server IPv6 address	IPv6 address of the secondary server.
Secondary server IPv6 port number	IPv6 port number of the secondary server.
IPV6 VPN instance name	IPV6 VPN instance of the secondary server. Click , create and select a VPN instance.
Third Server Configuration
Third server IPv4 address	IPv4 address of the third server.
Third server IPv4 port number	IPv4 port number of the third server.
IPV4 VPN instance name	IPV4 VPN instance of the third server. Click , create and select a VPN instance.
Third server IPv6 address	IPv6 address of the third server.
Third server IPv6 port number	IPv6 port number of the third server.
IPV6 VPN instance name	IPV6 VPN instance of the third server. Click , create and select a VPN instance.
Fourth Server Configuration
Fourth server IPv4 address	IPv4 address of the fourth server.
Fourth server IPv4 port number	IPv4 port number of the fourth server.
IPV4 VPN instance name	IPV4 VPN instance of the fourth server. Click , create and select a VPN instance.
Fourth server IPv6 address	IPv6 address of the fourth server.
Fourth server IPv6 port number	IPv6 port number of the fourth server.
IPV6 VPN instance name	IPV6 VPN instance of the fourth server. Click , create and select a VPN instance.

Set parameters for the Authentication/Authorization/Accounting server.
Click OK.

Modify an Authentication/Authorization/Accounting server.
1. Choose Configuration > Security Services > AAA and click the HWTACACS tab.
2. Click the profile to modify in Authentication/Authorization/Accounting Server. The page for modifying an Authentication/Authorization/Accounting server is displayed.
3. Modify parameters of the Authentication/Authorization/Accounting server. For description of the parameters, see Table 2.
4. Click OK.