R3303-HP HSR6800 Routers Security Command Reference
100
[Sysname-hwtacacs-hwt1] primary authentication 10.163.155.13 49
Related commands
• display hwtacacs
• vpn-instance (HWTACACS scheme view)
primary authorization
Use primary authorization to specify the primary HWTACACS authorization server.
Use undo primary authorization to remove the configuration.
Syntax
primary authorization ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo primary authorization
Default
No primary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address of the primary HWTACACS authorization server in dotted decimal notation. The
default is 0.0.0.0.
port-number: Service port number of the primary HWTACACS authorization server. It is a TCP port in the
range of 1 to 65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the primary HWTACACS
authorization server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authorization servers must be different. Otherwise, the
configuration fails.
If the specified server resides on an MPLS VPN, specify the VPN by using the vpn-instance
vpn-instance-name option.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to send
authorization packets. Removing an authorization server only affects authorization processes that occur
after the remove operation.
The VPN specified by this command takes precedence over the VPN specified for the HWTACACS
scheme.
Examples
# Configure the IP address and port number of the primary authorization server for HWTACACS scheme
hwt1 a s 10 .163 .155 .13 a n d 4 9.