Is HWTACACS supported by S series switches compatible with TACACS+

74

Both HWTACACS supported by Huawei S series switches (except S1700 switches) and TACACS+ supported by devices from other vendors provide authentication, authorization, and accounting functions, and use the same authentication process and implementation. That is, they are compatible with each other at the protocol layer. For example, a switch running HWTACACS can communicate with a Cisco server (such as ACS). However, HWTACACS may not be compatible with Cisco extended attributes because different vendors define different fields and meanings for extended attributes.

Other related questions:
Is HWTACACS compatible with TACACS+
HWTACACS and the TACACS+ protocols of other vendors support authentication, authorization, and accounting. HWTACACS and TACACS+ are identical in authentication process and implementation mechanism. That is, they are compatible with each other at the protocol layer. For example, a device running HWTACACS can communicate with a Cisco server (such as ACS); however, HWTACACS may not be compatible with Cisco extended attributes because different vendors define different fields and meanings for extended attributes.

Whether S series switches support HWTACACS
S series switches (except S1700 switches) support HWTACACS.

How is PoE of an S series switch compatible with non-standard PDs
PoE of an S series switch is compatible with non-standard PDs as follows: When a non-standard PD is connected to a switch, the switch cannot detect proper resistance and identify the PD. 1. You can enable the compatibility check function so that the switch can detect PDs that do not comply with 802.3af or 802.3at standard and provide power to these non-standard PDs. - Run the poe legacy enable command in the interface view to enable a switch to check compatibility of the non-standard PDs. 2. If a PD supporting 48 V PoE cannot be powered on, you can run the poe force-power command in the interface view to forcibly power on the PD. 3. Some non-standard PDs support low current in compliance with 802.3af, but not high current in compliance with 802.3at. - Run the poe af-inrush enable command in the system view to modify the PoE power supply mode to low current in compliance with 802.3af. - After the configuration, remove and then reinstall the non-standard PD so that the PD can be powered on normally. - The configuration takes effect on the switch or some slots, which may affect 802.3at-compliant PDs powered on at high current. Exercise caution when running this command. For details, see Tell You About PoE.

Why does HWTACACS authentication fail when the HWTACACS configuration is correct
The HWTACACS server template configuration of the AR is correct. In AAA mode, the HWTACACS authentication configuration and configuration of the remote TACACS server are correct. The possible causes for HWTACACS authentication failures are as follows: - The client's IP address is not configured on the TACACS server, so the TACACS server does not send authentication packets. - Different shared keys are configured on the AR and TACACS server.

What are the possible causes for SSH and TACACS authentication failure on S series switches
For S series switches (except S1700 switches), SSH and TACACS authentication failure is commonly caused by no default authentication mode for SSH users. If no authentication mode is specified for SSH users, users cannot access the Internet through SSH. To solve the problem, run the ssh authentication-type default password command to configure password authentication for SSH users when configuring SSH authentication.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top