Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
51525354555657585960
40
Ste
p
Command
Remarks
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3. Specify HWTACACS
authentication servers.
Specify the primary HWTACACS
authentication server:
primary authentication ip-address
[ port-number | key [ cipher |
simple ] key | vpn-instance
vpn-instance-name ] *
Specify a secondary HWTACACS
authentication server:
secondary authentication
ip-address [ port-number | key
[ cipher | simple ] key |
vpn-instance vpn-instance-name ]
*
Configure at least one command.
No authentication server is
specified by default.
You can remove an authentication server only when no active TCP connection for sending authentication
packets is using it.
Specifying the HWTACACS authorization servers
You can specify one primary authorization server and one secondary authorization server for an
HWTACACS scheme. When the primary server is not available, the secondary server is used. In a
scenario where redundancy is not required, specify only the primary server.
An HWTACACS server can function as the primary authorization server of one scheme and as the
secondary authorization server of another scheme at the same time. You cannot specify the same IP
address as both the primary and the secondary authorization servers in a scheme.
You can remove an HWTACACS authorization server only when no active TCP connection for sending
authorization packets is using it.
To specify HWTACACS authorization servers for an HWTACACS scheme:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter HWTACACS scheme
view.
hwtacacs scheme
hwtacacs-scheme-name
N/A
3. Specify HWTACACS
authorization servers.
Specify the primary HWTACACS
authorization server:
primary authorization ip-address
[ port-number | key [ cipher |
simple ] key | vpn-instance
vpn-instance-name ] *
Specify a secondary HWTACACS
authorization server:
secondary authorization ip-address
[ port-number | key [ cipher |
simple ] key | vpn-instance
vpn-instance-name ] *
Configure at least one
command.
No authorization server is
specified by default.