Configuring TACACS Accounting Servers

Table 2-28 Configure TACACS accounting servers

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create an HWTACACS scheme and enter its view | hwtacacs scheme hwtacacs-scheme-name | Required. By default, no HWTACACS scheme exists. |
| Set the IP address and port number of the primary TACACS accounting server | primary accounting ip-address [ port ] | Required. By default, the IP address of the primary accounting server is 0.0.0.0, and the port number is 0. |
| Set the IP address and port number of the secondary TACACS accounting server | secondary accounting ip-address [ port ] | Required. By default, the IP address of the secondary accounting server is 0.0.0.0, and the port number is 0. |
| Enable the stop-accounting message retransmission function and set the maximum number of transmission attempts of a buffered stop-accounting message | retry stop-accounting retry-times | Optional. By default, the stop-accounting message retransmission function is enabled and the system can transmit a buffered stop-accounting request up to 100 times. |

- You cannot configure the same IP address for both the primary and secondary accounting servers. If you do, the system reports that the configuration failed.
- You can remove a server only when it is not used by any active TCP connection for sending accounting messages.

Configuring Shared Keys for HWTACACS Messages

When using a TACACS server as an AAA server, you can set a key to improve the communication security between the switch and the TACACS server.

The TACACS client and server use the MD5 algorithm to encrypt HWTACACS messages before exchanging them. Each party verifies the validity of the HWTACACS messages it receives by using the shared key configured on it, and the two parties can accept and respond to each other's messages only when both have the same shared key.

Table 2-29 Configure shared keys for HWTACACS messages

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | — |