F3215-HP Load Balancing Module Security Command Reference-6PW101

Related commands
display hwtacacs
vpn-instance (HWTACACS scheme view)
secondary authorization
Use secondary authorization to specify a secondary HWTACACS authorization server.
Use undo secondary authorization to remove the configuration.
Syntax
secondary authorization ip-address [ port-number | vpn-instance vpn-instance-name ] *
undo secondary authorization
Default
No secondary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: IP address of the secondary HWTACACS authorization server in dotted decimal notation.
The default is 0.0.0.0.
port-number: Service port number of the secondary HWTACACS authorization server. It ranges from 1
to 65535 and defaults to 49.
vpn-instance vpn-instance-name: Specifies the VPN to which the secondary HWTACACS authorization
server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the
server is on the public network, do not specify this option.
Usage guidelines
The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the
configuration fails.
If the specified server resides on a VPN, you must also specify that VPN with the secondary authorization
command to ensure normal communication with the server. The VPN specified here takes precedence
over the VPN specified for the HWTACACS scheme.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to send
authorization packets. Removing an authorization server affects only the authorization processes that
occur after the removal.
Examples
# Configure the secondary authorization server 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authorization 10.163.155.13 49
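
# Added example (not part of the HP reference and not HP code): an offline check that applies the syntax, defaults, and usage guidelines above to a planned list of authorization server commands before they are entered on the device. The function names and the scheme_vpn parameter are hypothetical, the primary authorization command is assumed to take the same arguments as secondary authorization, and every sample address other than 10.163.155.13 is constructed.

```python
import ipaddress

def parse_authorization(line):
    """Parse '<primary|secondary> authorization ip [port | vpn-instance name] *'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("primary", "secondary") or tok[1] != "authorization":
        raise ValueError("not an authorization server command: %r" % line)
    ip = ipaddress.IPv4Address(tok[2])  # dotted decimal only; raises ValueError otherwise
    port, vpn, have_port, i = 49, None, False, 3  # 49 is the documented default port
    while i < len(tok):  # the two options may appear in either order
        if tok[i] == "vpn-instance" and vpn is None and i + 1 < len(tok):
            vpn = tok[i + 1]
            if not 1 <= len(vpn) <= 31:
                raise ValueError("vpn-instance name must be 1 to 31 characters")
            i += 2
        elif tok[i].isdigit() and not have_port:
            port, have_port = int(tok[i]), True
            if not 1 <= port <= 65535:
                raise ValueError("port %d is outside 1 to 65535" % port)
            i += 1
        else:
            raise ValueError("unexpected token %r in %r" % (tok[i], line))
    return {"role": tok[0], "ip": str(ip), "port": port, "vpn": vpn}

def audit_scheme(lines, scheme_vpn=None):
    """Return (effective servers by role, findings) for one scheme's command lines."""
    servers, findings = {}, []
    for line in lines:
        try:
            srv = parse_authorization(line)
            other = servers.get({"primary": "secondary", "secondary": "primary"}[srv["role"]])
            if other and other["ip"] == srv["ip"]:  # same IP: the configuration fails
                raise ValueError("rejected, duplicates %s server: %r" % (other["role"], line))
        except ValueError as exc:
            findings.append(str(exc))
            continue
        # A VPN given on the server command overrides the scheme-level VPN.
        srv["effective_vpn"] = srv["vpn"] or scheme_vpn
        servers[srv["role"]] = srv  # the most recent valid configuration takes effect
    return servers, findings

# Constructed sample input, in the order the commands would be entered.
SAMPLE = [
    "primary authorization 10.163.155.12",
    "secondary authorization 10.163.155.13 49",
    "secondary authorization 10.163.155.12 1049",
    "secondary authorization 10.163.155.14 70000",
    "secondary authorization 10.163.155.13 vpn-instance mgmt 1049",
]
```

Calling audit_scheme(SAMPLE, scheme_vpn="aaa") reports the third and fourth lines as findings and leaves 10.163.155.13 on port 1049 in VPN mgmt as the effective secondary server, while the primary server inherits the scheme VPN.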