R3303-HP HSR6800 Routers Security Command Reference
99
Related commands
• display hwtacacs
• vpn-instance (HWTACACS scheme view)
primary authentication (HWTACACS scheme view)
Use primary authentication to specify the primary HWTACACS authentication server.
Use undo primary authentication to remove the configuration.
Syntax
primary authentication ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo primary authentication
Default
No primary HWTACACS authentication server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address of the primary HWTACACS authentication server in dotted decimal notation. The
default is 0.0.0.0.
port-number: Service port number of the primary HWTACACS authentication server. It is a TCP port in
the range of 1 to 65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the primary HWTACACS
authentication server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authentication servers must be different. Otherwise, the
configuration fails.
If the specified server resides on an MPLS VPN, specify the VPN by using the vpn-instance
vpn-instance-name option.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authentication server only when it is not used by any active TCP connection to send
authentication packets. Removing an authentication server only affects authentication processes that
occur after the remove operation.
The VPN specified by this command takes precedence over the VPN specified for the HWTACACS
scheme.
Examples
# Specify the IP address and port number of the primary authentication server for HWTACACS scheme
hwt1 a s 10 .163 .155 .13 a n d 4 9.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1