hwtacacs-server accounting(HWTACACS server template view)

Function

The hwtacacs-server accounting command configures the primary and secondary HWTACACS accounting server for the template.

The undo hwtacacs-server accounting command deletes the primary HWTACACS accounting server from the template.

By default, if secondary parameter is not specified, the primary server is configured.

Format

hwtacacs-server accounting ipv6-address

hwtacacs-server accounting ipv6-address secondary

hwtacacs-server accounting ipv6-address port

hwtacacs-server accounting ipv6-address { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } *

hwtacacs-server accounting ipv6-address port { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } *

hwtacacs-server accounting ipv6-address port secondary

hwtacacs-server accounting ipv6-address { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } * secondary

hwtacacs-server accounting ipv6-address port { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } * secondary

undo hwtacacs-server accounting ipv6-address

undo hwtacacs-server accounting ipv6-address secondary

undo hwtacacs-server accounting ipv6-address port

undo hwtacacs-server accounting ipv6-address [ port ] { mux-mode | vpn-instance vpn-instance-name } *

undo hwtacacs-server accounting ipv6-address port secondary

undo hwtacacs-server accounting ipv6-address [ port ] { mux-mode | vpn-instance vpn-instance-name } * secondary

Parameters

Parameter Description Value
ipv6-address

Specifies the IPv6 address of the server.

The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
secondary

Indicates the secondary HWTACACS server.

  • If the parameter secondary is not specified, the IP address is assigned to the primary HWTACACS accounting server.
  • If the parameter secondary is specified, the IP address is assigned to the secondary HWTACACS accounting server.

-
port

Specifies the port number of the HWTACACS server.

The value is an integer ranging from 1 to 65535. The default value is 49.
shared-key

Specifies the shared key.

-
key-string

Specifies the shared key in encrypted or plain text.

The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text.

The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters.
cipher key-string

Specifies the shared-key in encrypted or plain text, and the configured text will be displayed as encrypted text.

The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters, except the question mark (?) and space.

Cipher-string is a string of case-sensitive characters that can be letters or digits. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text.

Except the question mark (?) and space. However, when quotation marks (") are used around the password, spaces are allowed in the password.
mux-mode

Indicates that the HWTACACS server works in multiplex mode.

-
vpn-instance vpn-instance-name

Specifies the VPN instance name.

If the parameter vpn-instance is specified, the server is mapped to a VPN instance.

If vpn-instance-name does not exist, the configuration is invalid.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.
simple simple-key-string

Specifies the shared key in plain text.

The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text.

Views

HWTACACS server template view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
hwtacacs write

Usage Guidelines

Usage Scenario

When user accounting needs to be performed, you can run the hwtacacs-server accounting command to assign an IPv6 address to the primary or secondary HWTACACS accounting server.

Prerequisites

The HWTACACS server template is correctly configured.

Configuration Impact

If the hwtacacs-server accounting command runs for multiple times, the latest configuration overrides the previous ones.

Precautions

  • The IPv6 address of the primary HWTACACS accounting server must be different from that of the secondary HWTACACS accounting server. Otherwise, the system prompts that the configuration fails.
  • The HWTACACS accounting server can be deleted only when it is not used in any active TCP connection for sending accounting packets.

Example

# Configure the primary HWTACACS accounting server.
<HUAWEI> system-view
[~HUAWEI] hwtacacs-server template test1
[*HUAWEI-hwtacacs-test1] hwtacacs-server accounting 2001:db8:1::1 49
Parent Topic: AAA and User Management Configuration Commands (Administrative User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >