R2511-HP MSR Router Series Security Command Reference(V5)
109
Usage guidelines
Make sure the port number and shared key settings of the secondary HWTACACS authorization server
are the same as those configured on the server.
The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the
configuration fails.
If the specified server resides on an MPLS VPN, you also must specify that VPN with the secondary
authorization command to ensure normal communication with the server. The VPN specified here takes
precedence over the VPN specified for the HWTACACS scheme.
The shared key configured by this command takes precedence over that configured by using the key
authorization [ cipher | simple ] key command.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to send
authorization packets. Removing an authorization server only affects authorization processes that occur
after the remove operation.
Examples
# Configure the secondary authorization server 10.163.155.13 with TCP port number 49.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authorization 10.163.155.13 49 key simple abCD1@
Related commands
• display hwtacacs
• key (HWTACACS scheme view)
• vpn-instance (HWTACACS scheme view)
stop-accounting-buffer enable (HWTACACS scheme view)
Use stop-accounting-buffer enable to enable the device to buffer stop-accounting requests to which no
responses are received.
Use undo stop-accounting-buffer enable to disable the buffering function.
Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
Default
The device buffers stop-accounting requests to which no responses are received.
Views
HWTACACS scheme view
Default command level
2: System level
Usage guidelines
Stop-accounting requests affect the charge to users. A NAS must make its best effort to send every
stop-accounting request to the HWTACACS accounting servers. For each stop-accounting request that