Operation Manual – AAA
H3C S3100 Series Ethernet Switches
Chapter 2 AAA Configuration
2-26
2.3.2 Configuring TACACS Authentication Servers
Table 2-25
Configure TACACS authentication servers
Operation
Command
Remarks
Enter system view
system-view
—
Create a HWTACACS
scheme and enter its view
hwtacacs scheme
hwtacacs-scheme-name
Required
By default, no
HWTACACS scheme
exists.
Set the IP address and
port number of the
primary TACACS
authentication server
primary authentication
ip-address
[
port
]
Required
By default, the IP address
of the primary
authentication server is
0.0.0.0, and the port
number is 0.
Set the IP address and
port number of the
secondary TACACS
authentication server
secondary
authentication
ip-address
[
port
]
Optional
By default, the IP address
of the secondary
authentication server is
0.0.0.0, and the port
number is 0.
Caution:
z
You are not allowed to configure the same IP address for both primary and
secondary authentication servers. If you do this, the system will prompt that the
configuration fails.
z
You can remove an authentication server setting only when there is no active TCP
connection that is sending authentication messages to the server.
2.3.3 Configuring TACACS Authorization Servers
Table 2-26
Configure TACACS authorization servers
Operation
Command
Remarks
Enter system view
system-view
—
Create a HWTACACS
scheme and enter its view
hwtacacs scheme
hwtacacs-scheme-name
Required
By default, no
HWTACACS scheme
exists.