89
Usage guidelines
Make sure that the port number and shared key settings of the primary HWTACACS authorization server
are the same as those configured on the server.
Two authorization servers specified for a scheme, primary or secondary, cannot have identical IP address,
port number, and VPN settings.
If the specified server resides on an MPLS L3VPN, specify the VPN by using the vpn-instance
vpn-instance-name option. The VPN specified by this command takes precedence over the VPN
specified for the HWTACACS scheme.
You can remove an authorization server only when it is not used for user authorization. Removing an
authorization server affects only authorization processes that occur after the remove operation.
For security purposes, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.
Examples
# Specify the primary authorization server with IP address 10.163.155.13, TCP port number 49, and
plaintext shared key 123456TESTautr&! for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] primary authorization 10.163.155.13 49 key simple
123456TESTautr&!
Related commands
• display hwtacacs scheme
• key (HWTACACS scheme view)
• secondary authorization
• vpn-instance (HWTACACS scheme view)
reset hwtacacs statistics
Use reset hwtacacs statistics to clear HWTACACS statistics.
Syntax
reset hwtacacs statistics { accounting | all | authentication | authorization }
Views
User view
Predefined user roles
network-admin
Parameters
accounting: Clears the HWTACACS accounting statistics.
all: Clears all HWTACACS statistics.
authentication: Clears the HWTACACS authentication statistics.
authorization: Clears the HWTACACS authorization statistics.
To Next Page
Loading...
Need help?
General
