R3303-HP HSR6800 Routers Security Command Reference
105
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authentication server only when it is not used by any active TCP connection to send
authentication packets is using it. Removing an authentication server only affects authentication
processes that occur after the remove operation.
The VPN specified by this command takes precedence over the VPN specified for the HWTACACS
scheme.
Examples
# Specify the IP address and port number of the secondary authentication server for HWTACACS
scheme hwt1 as 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49
Related commands
• display hwtacacs
• vpn-instance (HWTACACS scheme view)
secondary authorization
Use secondary authorization to specify a secondary HWTACACS authorization server.
Use undo secondary authorization to remove the configuration.
Syntax
secondary authorization ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo secondary authorization
Default
No secondary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address of the secondary HWTACACS authorization server in dotted decimal notation.
The default is 0.0.0.0.
port-number: Service port number of the secondary HWTACACS authorization server. It is a TCP port in
the range of 1 to 65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS
authorization server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the
configuration fails.