R0106-HP MSR Router Series Security Command Reference(V7)
97
If an HWTACACS scheme defines that the username is sent without the ISP domain name, do not apply
the HWTACACS scheme to more than one ISP domain. Otherwise, the HWTACACS server will consider
two users in different ISP domains but with the same userid as one user.
If the HWTACACS scheme is used for wireless users, specify the format of the username to be sent from
the access device to the HWTACACS server as keep-original. Otherwise, authentication of the wireless
users might fail.
Examples
# Configure the device to remove the ISP domain name from the username sent to the HWTACACS
servers specified in HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] user-name-format without-domain
Related commands
display hwtacacs scheme
vpn-instance (HWTACACS scheme view)
Use vpn-instance to specify a VPN for an HWTACACS scheme.
Use undo vpn-instance to remove the configuration.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The HWTACACS scheme belongs to the public network.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters.
Usage guidelines
The VPN specified here takes effect for all servers in the HWTACACS scheme for which no VPN is
specified.
Examples
# Specify VPN test for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] vpn-instance test
Related commands
display hwtacacs scheme