Operation Manual – AAAH3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration2-28Operation Command RemarksEnable thestop-accounting messageretransmission functionand set the maximumnumber of transmissionattempts of a bufferedstop-accounting messageretry stop-accountingretry-timesOptionalBy default, thestop-accountingmessages retransmissionfunction is enabled andthe system can transmit abuffered stop-accountingrequest for 100 times.Caution:z You are not allowed to configure the same IP address for both primary andsecondary accounting servers. If you do this, the system will prompt that theconfiguration fails.z You can remove a server only when it is not used by any active TCP connection forsending accounting messages.2.3.5 Configuring Shared Keys for HWTACACS MessagesWhen using a TACACS server as an AAA server, you can set a key to improve thecommunication security between the switch and the TACACS server.The TACACS client and server adopt MD5 algorithm to encrypt HWTACACS messagesbefore they are exchanged between the two parties. The two parties verify the validityof the HWTACACS messages received from each other by using the shared keys thathave been set on them, and can accept and respond to the messages only when bothparties have the same shared key.Table 2-28 Configure shared keys for HWTACACS messagesOperation Command RemarksEnter system view system-view —Create a HWTACACSscheme and enter its viewhwtacacs schemehwtacacs-scheme-nameRequiredBy default, noHWTACACS schemeexists.Set a shared key forHWTACACSauthentication,authorization oraccounting messageskey { accounting |authorization |authentication } stringRequiredBy default, no such key isset.