The hwtacacs-server authorization command configures the primary and secondary HWTACACS authorization server for the template.
The undo hwtacacs-server authorization command deletes the primary HWTACACS authorization server from the template.
By default, no HWTACACS authorization server is configured.
hwtacacs-server authorization ipv6-address
hwtacacs-server authorization ipv6-address secondary
hwtacacs-server authorization ipv6-address port
hwtacacs-server authorization ipv6-address { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } *
hwtacacs-server authorization ipv6-address port { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } *
hwtacacs-server authorization ipv6-address port secondary
hwtacacs-server authorization ipv6-address { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } * secondary
hwtacacs-server authorization ipv6-address port { shared-key { key-string | cipher key-string } | mux-mode | vpn-instance vpn-instance-name } * secondary
undo hwtacacs-server authorization ipv6-address
undo hwtacacs-server authorization ipv6-address secondary
undo hwtacacs-server authorization ipv6-address port
undo hwtacacs-server authorization ipv6-address [ port ] { mux-mode | vpn-instance vpn-instance-name } *
undo hwtacacs-server authorization ipv6-address port secondary
undo hwtacacs-server authorization ipv6-address [ port ] { mux-mode | vpn-instance vpn-instance-name } * secondary
| Parameter | Description | Value |
|---|---|---|
| ipv6-address |
Specifies the IPv6 address of the server. |
The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| secondary |
Sets the secondary HWTACACS server for the template. |
- |
| port |
Specifies the port number of a server. |
It is an integer data type. The value range is from 1 to 65535. By default, the value is 49. |
| shared-key |
Specifies the shared key. |
- |
| key-string |
Specifies the shared key in encrypted or plain text. |
The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters. |
| cipher key-string |
Specifies the shared-key in encrypted or plain text, and the configured text will be displayed as encrypted text. |
The value is a string of case-sensitive characters that can be letters or digits. Spaces are not supported. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. The new password is at least eight characters long and contains at least two of the following types: upper-case letters, lower-case letters, digits, and special characters, except the question mark (?) and space. |
| mux-mode |
Sets the multiplexing mode for HWTACACS server. |
- |
| vpn-instance vpn-instance-name |
Specifies the VPN instance name. If the parameter vpn-instance is specified, the server is mapped to a VPN instance. If vpn-instance-name does not exist, the configuration is invalid. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| simple simple-key-string |
Specifies the shared key in plain text. |
The value is a string of 1 to 255 case-sensitive characters, spaces not allowed. |
The IPv6 addresses of the primary and the secondary authorization server must be different; otherwise, the server configuration fails.
If the command is used repeatedly, the new configuration supersedes the previous one.
This server can be deleted only when it is not used in any active TCP connection for sending the authorization packets.
The IPv6 address and the port number of the authorization servers must be unique within the template for successful configuration.