hwtacacs-server authentication (HWTACACS server template view)

Function

The hwtacacs-server authentication command configures the primary and secondary HWTACACS authentication server for the template.

The undo hwtacacs-server authentication command deletes the primary HWTACACS authentication server from the template.

By default, no HWTACACS authentication server is configured.

Format

hwtacacs-server authentication ip-address

hwtacacs-server authentication ip-address secondary

hwtacacs-server authentication ip-address port

hwtacacs-server authentication ip-address { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } *

hwtacacs-server authentication ip-address port { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } *

hwtacacs-server authentication ip-address port secondary

hwtacacs-server authentication ip-address { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary

hwtacacs-server authentication ip-address port { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary

undo hwtacacs-server authentication

undo hwtacacs-server authentication ip-address

undo hwtacacs-server authentication ip-address secondary

undo hwtacacs-server authentication ip-address port

undo hwtacacs-server authentication ip-address [ port ] { mux-mode | { vpn-instance vpn-name-val | public-net } } *

undo hwtacacs-server authentication ip-address port secondary

undo hwtacacs-server authentication ip-address [ port ] { mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary

Parameters

| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies the IP address of a server. | The value is in dotted decimal notation and must be a valid unicast address. |
| secondary | Sets the secondary HWTACACS server for the template. | - |
| port | Specifies the port number of a server. | It is an integer data type. The value range is from 1 to 65535. By default, the value is 49. |
| shared-key | Specifies the shared-key. | - |
| key-string | Specifies the shared key in encrypted or plain text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters. |
| cipher key-string | Specifies the shared-key in encrypted or plain text, and the configured text will be displayed as encrypted text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters, except the question mark (?) and space. |
| mux-mode | Sets the multiplexing mode for HWTACACS server. | - |
| vpn-instance vpn-name-val | Specifies the VPN instance name. If the parameter vpn-instance is specified, the server is mapped to a VPN instance. If vpn-instance-name does not exist, the configuration is invalid. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| public-net | Indicates that the HWTACACS authentication server on the public network is connected. | - |
| simple simple-key-string | Specifies the shared key in plain text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text. |

Views

HWTACACS server template view

Default Level

3: Management level

Task Name and Operations

| Task Name | Operations |
|---|---|
| hwtacacs | write |

Usage Guidelines

The IP addresses of the primary and the secondary authentication servers must be different; otherwise, the server configuration fails.

If the command is used repeatedly, the new configuration supersedes the previous one.

This server can be deleted only when it is not used in any active TCP connection for sending the authentication packets.

The IP address and port number of the authentication servers must be unique within the template for successful configuration.

When HWTACACS authentication is used for management users, you are advised to configure the user locking mechanism on the HWTACACS server. If the user locking mechanism is not configured, brute force cracking may occur.
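
The constraints above can be checked offline against a saved template configuration. The following is an added example, not Huawei code: it parses `hwtacacs-server authentication` lines and reports a port outside 1-65535, a primary and secondary server on the same IP address, a shared key under 20 characters (so necessarily plain text) that fails the new-password rule, and an invalid VPN instance name. Treating a key entered without `cipher` as a finding is a policy assumption of this example; the function names and the second sample line are constructed.

```python
import re

CMD = "hwtacacs-server authentication"
TYPES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")  # upper/lower/digit/special

def parse(line):
    """Split one command line into its fields (port defaults to 49)."""
    tok = line.split()[2:]
    s = {"ip": tok.pop(0), "port": 49, "role": "primary",
         "key": None, "cipher": False, "vpn": None}
    if tok and tok[0].isdigit():
        s["port"] = int(tok.pop(0))
    while tok:
        t = tok.pop(0)
        if t == "secondary":
            s["role"] = "secondary"
        elif t == "shared-key" and tok:
            s["cipher"] = len(tok) > 1 and tok[0] == "cipher"
            s["key"] = tok[1] if s["cipher"] else tok[0]
            del tok[:2 if s["cipher"] else 1]
        elif t == "vpn-instance" and tok:
            s["vpn"] = tok.pop(0)
    return s

def audit(lines):
    """Return findings for the authentication servers of one template."""
    out, ips = [], {}
    for s in (parse(ln.strip()) for ln in lines if ln.strip().startswith(CMD)):
        r, key, vpn = s["role"], s["key"], s["vpn"]
        if not 1 <= s["port"] <= 65535:
            out.append(f"{r}: port {s['port']} is outside 1-65535")
        ips[r] = s["ip"]  # a repeated command supersedes the earlier one
        if key is not None and not s["cipher"]:
            out.append(f"{r}: shared-key given without the cipher keyword")
        # Fewer than 20 characters cannot be ciphertext, so test the new-password rule.
        kinds = sum(bool(re.search(p, key or "")) for p in TYPES)
        if key is not None and len(key) < 20 and (len(key) < 8 or kinds < 2):
            out.append(f"{r}: shared key fails the 8-character/two-type rule")
        if vpn is not None and (vpn == "_public_" or len(vpn) > 31):
            out.append(f"{r}: invalid vpn-instance name {vpn}")
    if "primary" in ips and ips["primary"] == ips.get("secondary"):
        out.append("primary and secondary servers share one IP address")
    return out

# Constructed sample: the first line is the page's example, the second is made up.
SAMPLE = [
    "hwtacacs-server authentication 10.164.155.13 1010",
    "hwtacacs-server authentication 10.164.155.13 1010 shared-key abc123 secondary",
]
```

Calling `audit(SAMPLE)` returns three findings, all caused by the constructed secondary line; lines beginning with `undo` are ignored.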

Example

# Configure the primary authentication server for the template htipl.
<HUAWEI> system-view
[~HUAWEI] hwtacacs-server template htipl
[*HUAWEI-hwtacacs-htipl] hwtacacs-server authentication 10.164.155.13 1010
Copyright © Huawei Technologies Co., Ltd.