R2511-HP MSR Router Series Security Command Reference(V5)
Examples
# Specify the IP address and port number of the secondary authentication server for HWTACACS
scheme hwt1 as 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49 key simple abCD1@
Related commands
• display hwtacacs
• key (HWTACACS scheme view)
• vpn-instance (HWTACACS scheme view)
secondary authorization
Use secondary authorization to specify a secondary HWTACACS authorization server.
Use undo secondary authorization to remove the configuration.
Syntax
secondary authorization ip-address [ port-number | key [ cipher | simple ] key | vpn-instance
vpn-instance-name ] *
undo secondary authorization
Default
No secondary HWTACACS authorization server is specified.
Views
HWTACACS scheme view
Default command level
2: System level
Parameters
ip-address: Specifies the IP address of the secondary HWTACACS authorization server in dotted decimal
notation. The default is 0.0.0.0.
port-number: Specifies the service port number of the secondary HWTACACS authorization server. The
value range for the port number is 1 to 65535, and the default is 49.
key [ cipher | simple ] key: Specifies the shared key for secure communication with the secondary
HWTACACS authorization server.
• cipher key: Specifies a ciphertext shared key, which is a case-sensitive ciphertext string of 1 to 373
characters.
• simple key: Specifies a plaintext shared key, which is a case-sensitive string of 1 to 255 characters.
• If neither cipher nor simple is specified, you set a plaintext shared key string.
• In FIPS mode, the shared key must contain at least eight characters and the plaintext shared key
string must contain digits, uppercase letters, lowercase letters, and special characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the secondary HWTACACS
authorization server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31
characters. If the server is on the public network, do not specify this option.
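The parameter limits above can be checked mechanically when reviewing saved configuration lines. The following Python check is an added example, not part of the HP reference; the function name, the finding strings, and the choice to report every plaintext (simple) key are assumptions of this example, and the FIPS rules are applied to plaintext keys only.

```python
import ipaddress
import string

CLASSES = (string.digits, string.ascii_uppercase, string.ascii_lowercase, string.punctuation)
# Constructed sample line following the page's syntax; the key value is illustrative.
SAMPLE = "secondary authorization 10.163.155.13 49 key simple abCD1@"

def audit_secondary_authorization(line, fips=False):
    """Return findings for one 'secondary authorization' line (hypothetical helper)."""
    tokens = line.split()
    if tokens[:2] != ["secondary", "authorization"] or len(tokens) < 3:
        return ["not a 'secondary authorization ip-address ...' command"]
    findings = []
    try:
        ipaddress.IPv4Address(tokens[2])
    except ValueError:
        findings.append(f"ip-address {tokens[2]!r} is not dotted decimal")
    rest, i = tokens[3:], 0
    while i < len(rest):
        tok = rest[i]
        nxt = rest[i + 1] if i + 1 < len(rest) else ""
        if tok.isdigit():
            if not 1 <= int(tok) <= 65535:
                findings.append(f"port-number {tok} outside 1-65535")
            i += 1
        elif tok == "key":
            mode = "simple"  # neither keyword given: the key is plaintext
            if nxt in ("cipher", "simple"):
                mode, i = nxt, i + 1
                nxt = rest[i + 1] if i + 1 < len(rest) else ""
            limit = 373 if mode == "cipher" else 255
            if not 1 <= len(nxt) <= limit:
                findings.append(f"{mode} key length {len(nxt)} outside 1-{limit}")
            if mode == "simple":
                findings.append("plaintext shared key on the command line")  # assumed policy
                # A cipher string does not expose the key, so FIPS rules run on plaintext only.
                if fips and len(nxt) < 8:
                    findings.append("FIPS: shared key shorter than 8 characters")
                if fips and not all(any(c in cls for c in nxt) for cls in CLASSES):
                    findings.append("FIPS: plaintext key lacks a required character class")
            i += 2
        elif tok == "vpn-instance":
            if not 1 <= len(nxt) <= 31:
                findings.append(f"vpn-instance name length {len(nxt)} outside 1-31")
            i += 2
        else:
            findings.append(f"unexpected token {tok!r}")
            i += 1
    return findings
```

Calling `audit_secondary_authorization(SAMPLE, fips=True)` reports both the plaintext key and the FIPS length failure for the six-character sample key.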










