The hwtacacs-server authorization command configures the primary and secondary HWTACACS authorization server for the template.
The undo hwtacacs-server authorization command deletes the primary HWTACACS authorization server from the template.
By default, no HWTACACS authorization server is configured.
hwtacacs-server authorization ip-address
hwtacacs-server authorization ip-address secondary
hwtacacs-server authorization ip-address port
hwtacacs-server authorization ip-address { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } *
hwtacacs-server authorization ip-address port { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } *
hwtacacs-server authorization ip-address port secondary
hwtacacs-server authorization ip-address { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary
hwtacacs-server authorization ip-address port { shared-key { key-string | cipher key-string } | mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary
undo hwtacacs-server authorization
undo hwtacacs-server authorization ip-address
undo hwtacacs-server authorization ip-address secondary
undo hwtacacs-server authorization ip-address port
undo hwtacacs-server authorization ip-address [ port ] { mux-mode | { vpn-instance vpn-name-val | public-net } } *
undo hwtacacs-server authorization ip-address port secondary
undo hwtacacs-server authorization ip-address [ port ] { mux-mode | { vpn-instance vpn-name-val | public-net } } * secondary
Parameter | Description | Value |
---|---|---|
ip-address | Specifies the IP address of a server. | The value is in dotted decimal notation and must be a valid unicast address. |
secondary | Sets the secondary HWTACACS server for the template. | - |
port | Specifies the port number of a server. | It is an integer data type. The value range is from 1 to 65535. By default, the value is 49. |
shared-key | Specifies the shared key. | - |
key-string | Specifies the shared key in encrypted or plain text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters. |
cipher key-string | Specifies the shared-key in encrypted or plain text, and the configured text will be displayed as encrypted text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters, except the question mark (?) and space. |
mux-mode | Sets the multiplexing mode for HWTACACS server. | - |
vpn-instance vpn-name-val | Specifies the VPN instance name. If the parameter vpn-instance is specified, the server is mapped to a VPN instance. If vpn-instance-name does not exist, the configuration is invalid. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
public-net | Indicates that the HWTACACS authorization server on the public network is connected. | - |
simple simple-key-string | Specifies the shared key in plain text. | The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text. |
The IP addresses of the primary and the secondary authorization server must be different; otherwise, the server configuration fails.
If the command is used repeatedly, the new configuration supersedes the previous one.
This server can be deleted only when it is not used in any active TCP connection for sending the authorization packets.
The IP address and the port number of the authorization servers must be unique within the template for successful configuration.
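A pre-deployment check for the rules stated above, as an added example that is not part of the original reference or any vendor code: it parses the planned hwtacacs-server authorization lines of one template and reports violations of the address, port, shared-key and VPN-instance constraints. The function names and sample lines are hypothetical, and shared keys are assumed to be entered in plain text rather than as ciphertext.

```python
import ipaddress
import re

CHAR_TYPES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
# Constructed sample: planned lines for one template (documentation addresses).
SAMPLE = ["hwtacacs-server authorization 192.0.2.10 shared-key cipher Example-Key-01",
          "hwtacacs-server authorization 192.0.2.10 49 shared-key cipher short secondary"]

def lint_line(line):
    """Parse one planned line into (server, problems); 'secondary' is always last."""
    tok = line.split()
    if tok[:2] != ["hwtacacs-server", "authorization"] or len(tok) < 3:
        return None, ["not an hwtacacs-server authorization command"]
    srv, problems, i = {"ip": tok[2], "secondary": tok[-1] == "secondary"}, [], 3
    try:
        addr = ipaddress.IPv4Address(tok[2])
        if addr.is_multicast or addr.is_unspecified or addr.is_reserved:
            problems.append("ip-address is not a unicast address")
    except ValueError:
        problems.append("ip-address is not dotted decimal")
    if i < len(tok) and tok[i].isdecimal():  # optional port, default 49 if absent
        if not 1 <= int(tok[i]) <= 65535:
            problems.append("port outside 1-65535")
        i += 1
    while i < len(tok):
        opt, arg, i = tok[i], (tok[i + 1] if i + 1 < len(tok) else ""), i + 1
        if opt == "shared-key":
            if arg == "cipher":  # optional keyword before the key itself
                arg, i = (tok[i + 1] if i + 1 < len(tok) else ""), i + 1
            i += 1  # consume the key; assumption: plain text, not ciphertext
            if not 8 <= len(arg) <= 255 or "?" in arg:
                problems.append("shared key must be 8-255 characters without '?'")
            if sum(bool(re.search(p, arg)) for p in CHAR_TYPES) < 2:
                problems.append("shared key uses fewer than two character types")
        elif opt == "vpn-instance":
            i += 1  # consume the instance name
            if not 1 <= len(arg) <= 31 or arg == "_public_":
                problems.append("invalid vpn-instance name")
        elif opt not in ("mux-mode", "public-net", "secondary"):
            problems.append("unknown keyword: " + opt)
    return srv, problems

def lint_template(lines):
    """Lint every line of one template, then compare primary and secondary IPs."""
    parsed = [lint_line(line) for line in lines]
    found = [p for _, probs in parsed for p in probs]
    ips = {srv["secondary"]: srv["ip"] for srv, _ in parsed if srv}
    if False in ips and ips[False] == ips.get(True):
        found.append("primary and secondary use the same ip-address")
    return found
```

Calling lint_template(SAMPLE) reports the weak key on the second line and the reused address, both of which the device would otherwise reject or accept only at configuration time.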