Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
71727374757677787980
63
Related commands
display hwtacacs scheme
key (HWTACACS scheme view)
primary accounting (HWTACACS scheme view)
vpn-instance (HWTACACS scheme view)
secondary authentication (HWTACACS scheme view)
Use secondary authentication to specify a secondary HWTACACS authentication server.
Use undo secondary authentication to remove a secondary HWTACACS authentication server.
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number I key { cipher | simple }
string | vpn-instance vpn-instance-name ] *
undo secondary authentication [ { ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance
vpn-instance-name ]* ]
Default
No secondary HWTACACS authentication server is specified.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IPv4 address of the secondary HWTACACS authentication server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary HWTACACS authentication server.
port-number: Specifies the service port number of the secondary HWTACACS authentication server, a
TCP port number in the range of 1 to 65535. The default setting is 49.
key { cipher | simple } string: Sets the shared key for secure communication with the secondary
HWTACACS authentication server.
cipher string: Sets a ciphertext shared key. The string argument is case sensitive. In non-FIPS mode,
the key is a string of 1 to 373 characters. In FIPS mode, the key is a string of 15 to 373 characters.
simple string: Sets a plaintext shared key. The string argument is case sensitive. In non-FIPS mode,
the key is a string of 1 to 255 characters. In FIPS mode, the key is a string of 15 to 255 characters
and must contain numbers, uppercase letters, lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS
authentication server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters.
If the server is on the public network, do not specify this option.
Usage guidelines
Make sure that the port number and shared key settings of each secondary HWTACACS authentication
server are the same as those configured on the corresponding server.
You can configure up to 16 secondary HWTACACS authentication servers for an HWTACACS scheme.
With the configuration, if the primary server fails, the device looks for a secondary server in active state