R2511-HP MSR Router Series Security Command Reference(V5)
102
The shared key configured by this command takes precedence over that configured by using the key
authentication [ cipher | simple ] key command.
If the specified server resides on an MPLS VPN, specify the VPN by using the vpn-instance
vpn-instance-name option.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authentication server only when it is not used by any active TCP connection to send
authentication packets. Removing an authentication server only affects authentication processes that
occur after the remove operation.
The VPN specified by this command takes precedence over the VPN specified for the HWTACACS
scheme.
Examples
# Specify the IP address and port number of the primary authentication server for HWTACACS scheme
hwt1 a s 10 .16 3 .15 5 .13 a n d 4 9.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] primary authentication 10.163.155.13 49 key simple abCD1@
Related commands
• display hwtacacs
• key (HWTACACS scheme view)
• vpn-instance (HWTACACS scheme view)
primary authorization
Use primary authorization to specify the primary HWTACACS authorization server.
Use undo primary authorization to remove the configuration.
Syntax
primary authorization ip-address [ port-number | key [ cipher | simple ] key | vpn-instance
vpn-instance-name ] *
undo primary authorization
Default
No primary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: Specifies the IP address of the primary HWTACACS authorization server in dotted decimal
notation. The default is 0.0.0.0.
port-number: Specifies the service port number of the primary HWTACACS authorization server. The
value range for the port number is 1 to 65535, and the default is 49.