95
Examples
# Specify the IP address and port number of the primary authentication server for HWTACACS
scheme
hwt1
as 10.163.155.13 and 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] primary authentication 10.163.155.13 49
Related commands
•
display
hwtacacs
•
vpn-instance
(HWTACACS scheme view)
primary authorization
Use
primary authorization
to specify the primary HWTACACS authorization server.
Use
undo primary authorization
to remove the configuration.
Syntax
primary authorization
ip-address
[
port-number
|
vpn-instance
vpn-instance-name
] *
undo primary authorization
Default
No primary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address
: IP address of the primary HWTACACS authorization server in dotted decimal notation.
The default is 0.0.0.0.
port-number
: Service port number of the primary HWTACACS authorization server. It is a TCP port in
the range of 1 to 65535 and defaults to 49.
vpn-instance
vpn-instance-name
: Specifies the MPLS L3VPN to which the primary HWTACACS
authorization server belongs. The
vpn-instance-name
argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authorization servers must be different. Otherwise,
the configuration fails.
If the specified server resides on an MPLS VPN, specify the VPN by using the
vpn-instance
vpn-instance-name
option.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to
send authorization packets. Removing an authorization server only affects authorization processes
that occur after the remove operation.
The VPN specified by this command takes precedence over the VPN specified for the HWTACACS
scheme.