hwtacacs-server authorization

Function

The hwtacacs-server authorization command configures the HWTACACS authorization server.

The undo hwtacacs-server authorization command deletes configurations of the HWTACACS authorization server.

By default, no HWTACACS authorization server is configured.

Format

hwtacacs-server authorization { ipv4-address | ipv6-address } [ port ] [ public-net | vpn-instance vpn-instance-name ] [ secondary | third | fourth ]

undo hwtacacs-server authorization [ secondary | third | fourth ] { ip-address | ipv6-address }

Parameters

Parameter	Description	Value
ipv4-address	Specifies the IPv4 address of an HWTACACS authorization server.	The value is a valid unicast address in dotted decimal notation.
ipv6-address	Specifies the IPv6 address of the HWTACACS authorization server.	The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.
port	Specifies the port number of an HWTACACS authorization server.	The value is an integer that ranges from 1 to 65535. The default value is 49.
public-net	Indicates that the HWTACACS authorization server is connected to the public network.	-
vpn-instance vpn-instance-name	Specifies the name of a VPN instance that the HWTACACS authorization server is bound to.	The value must be an existing VPN instance name.
secondary	Configures the second HWTACACS authorization server as the standby server. If no standby server is configured, the primary HWTACACS authorization server is specified.	-
third	Configures the third HWTACACS authorization server as the standby server. If no secondary server is configured, the primary HWTACACS authorization server is specified.	-
fourth	Specifies the fourth HWTACACS authorization server as the secondary server. If no secondary server is configured, the primary HWTACACS authorization server is specified.	-
ip-address	Deletes the primary HWTACACS authorization server with a specified IPv4 address. If the standby server parameter is specified, the secondary HWTACACS authorization server with the specified IPv4 address is deleted.	-
ipv6-address	Deletes the primary HWTACACS authorization server with a specified IPv6 address. If the standby server parameter is specified, the secondary HWTACACS authorization server with the specified IPv6 address is deleted.	-

Views

HWTACACS server template view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To authorize users in HWTACACS mode, you must configure the HWTACACS authorization server.

Precautions

You can modify this configuration only when device does not set up TCP connection with the specified accounting server.
The IP addresses of the primary and secondary servers must be different. Otherwise, the server configuration fails.
If the command is run for multiple times in the same HWTACACS server template to configure the servers with the same IP protocol stack and type (for example, the servers are all IPv4 primary servers), only the latest configuration takes effect.
IPv4 and IPv6 servers are configured at the same time in the same HWTACACS server template. The order for selecting servers is as follows: primary IPv4 server -> primary IPv6 server -> second secondary IPv4 server -> second secondary IPv6 server -> third secondary IPv4 server -> third secondary IPv6 server -> fourth secondary IPv4 server -> fourth secondary IPv6 server.

Example

# Configure the primary HWTACACS authorization server.

<HUAWEI> system-view
[HUAWEI] hwtacacs-server template test1
[HUAWEI-hwtacacs-test1] hwtacacs-server authorization 10.163.155.12 49