R2511-HP MSR Router Series Security Command Reference(V5)
101
[Sysname-hwtacacs-test1] primary accounting 10.163.155.12 49 key simple abCD1@
Related commands
• display hwtacacs
• key (HWTACACS scheme view)
• vpn-instance (HWTACACS scheme view)
primary authentication (HWTACACS scheme view)
Use primary authentication to specify the primary HWTACACS authentication server.
Use undo primary authentication to remove the configuration.
Syntax
primary authentication ip-address [ port-number | key [ cipher | simple ] key | vpn-instance
vpn-instance-name ] *
undo primary authentication
Default
No primary HWTACACS authentication server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: Specifies the IP address of the primary HWTACACS authentication server in dotted decimal
notation. The default is 0.0.0.0.
port-number: Specifies the service port number of the primary HWTACACS authentication server. The
value range for the port number is 1 to 65535, and the default is 49.
key [ cipher | simple ] key: Specifies the shared key for secure communication with the primary
HWTACACS authentication server.
• cipher key: Specifies a ciphertext shared key, which is a case-sensitive ciphertext string of 1 to 373
characters.
• simple key: Specifies a plaintext shared key, which is a case-sensitive string of 1 to 255 characters.
• If neither cipher nor simple is specified, you set a plaintext shared key string.
• In FIPS mode, the shared key must contain at least eight characters and the plaintext shared key
string must contain digits, uppercase letters, lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the primary HWTACACS
authentication server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
Usage guidelines
Make sure the port number and shared key settings of the primary HWTACACS authentication server are
the same as those configured on the server.
The IP addresses of the primary and secondary HWTACACS authentication servers must be different.
Otherwise, the configuration fails.