The hwtacacs-server authentication command configures the HWTACACS authentication server.
The undo hwtacacs-server authentication command deletes configurations of the HWTACACS authentication server.
By default, no HWTACACS authentication server is configured.
hwtacacs-server authentication { ipv4-address | ipv6-address } [ port ] [ public-net | vpn-instance vpn-instance-name ] [ secondary | third | fourth ]
undo hwtacacs-server authentication [ secondary | third | fourth ] { ip-address | ipv6-address }
Parameter |
Description |
Value |
|---|---|---|
ipv4-address |
Specifies the IPv4 address of an HWTACACS authentication server. |
The value is a valid unicast address in dotted decimal notation. |
ipv6-address |
Specifies the IPv6 address of an HWTACACS authentication server. |
The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X. |
port |
Specifies the port number of an HWTACACS authentication server. |
The value is an integer that ranges from 1 to 65535. The default value is 49. |
public-net |
Indicates that the HWTACACS authentication server is connected to the public network. |
- |
vpn-instance vpn-instance-name |
Specifies the name of a VPN instance that the HWTACACS accounting server is bound to. |
The value must be an existing VPN instance name. |
secondary |
Configures the second HWTACACS authentication server as the standby server. If no standby server is configured, the primary HWTACACS authentication server is specified. |
- |
third |
Configures the third HWTACACS authentication server as the standby server. If no secondary server is configured, the primary HWTACACS authentication server is specified. |
- |
fourth |
Specifies the fourth HWTACACS authentication server as the secondary server. If no secondary server is configured, the primary HWTACACS authentication server is specified. |
- |
ip-address |
Deletes the primary HWTACACS authentication server with a specified IPv4 address. If the standby server parameter is specified, the secondary HWTACACS authentication server with the specified IPv4 address is deleted. |
- |
ipv6-address |
Deletes the primary HWTACACS authentication server with a specified IPv6 address. If the standby server parameter is specified, the secondary HWTACACS authentication server with the specified IPv6 address is deleted. |
- |
Usage Scenario
To authenticate users in HWTACACS mode, you must configure the HWTACACS authentication server. When both the primary and secondary authentication servers are configured, the device sends an authentication request packet to the secondary authentication server in any of the following situations:
Precautions
You can modify this configuration only when device does not set up TCP connection with the specified accounting server.
The IP addresses of the primary and secondary servers must be different. Otherwise, the server configuration fails.
IPv4 and IPv6 servers are configured at the same time in the same HWTACACS server template. The order for selecting servers is as follows: primary IPv4 server -> primary IPv6 server -> second secondary IPv4 server -> second secondary IPv6 server -> third secondary IPv4 server -> third secondary IPv6 server -> fourth secondary IPv4 server -> fourth secondary IPv6 server.