1-31
Creating a HWTACACS scheme
The HWTACACS protocol is configured on a per scheme basis. Before performing other HWTACACS
configurations, follow these steps to create a HWTACACS scheme and enter HWTACACS scheme
view:
To do… Use the command… Remarks
Enter system view system-view —
Create a HWTACACS scheme and
enter HWTACACS scheme view
hwtacacs scheme
hwtacacs-scheme-name
Required
Not defined by default
z Up to 16 HWTACACS schemes can be configured.
z A scheme can be deleted only when it is not referenced.
Specifying the HWTACACS Authentication Servers
Follow these steps to specify the HWTACACS authentication servers:
To do… Use the command… Remarks
Enter system view system-view —
Create a HWTACACS scheme
and enter HWTACACS
scheme view
hwtacacs scheme
hwtacacs-scheme-name
Required
Not defined by default
Specify the primary
HWTACACS authentication
server
primary authentication
ip-address [ port-number ]
Specify the secondary
HWTACACS authentication
server
secondary authentication
ip-address [ port-number ]
Required
Configure at least one of the
commands
No authentication server by
default
z It is recommended to specify only the primary HWTACACS authentication server if backup is not
required.
z If both the primary and secondary authentication servers are specified, the secondary one is used
when the primary one is not reachable.
z The IP addresses of the primary and secondary authentication servers cannot be the same.
Otherwise, the configuration fails.
z You can remove an authentication server only when no active TCP connection for sending
authentication packets is using it.
To Next Page
Loading...
