hwtacacs-server(HWTACACS server template view)

Function

The hwtacacs-server command configures the primary and secondary HWTACACS common server for the template in the HWTACACS server template view.

The undo hwtacacs-server command deletes the primary HWTACACS common server from the template in the HWTACACS server template view.

By default, no HWTACACS common server is configured.

Format

hwtacacs-server ip-address { mux-mode | shared-key { key-string | cipher key-string } | { vpn-instance vpn-instance-name | public-net } } *

hwtacacs-server ip-address { mux-mode | shared-key { key-string | cipher key-string } | { vpn-instance vpn-instance-name | public-net } } * secondary

hwtacacs-server ip-address port { mux-mode | shared-key { key-string | cipher key-string } | { vpn-instance vpn-instance-name | public-net } } *

hwtacacs-server ip-address port { mux-mode | shared-key { key-string | cipher key-string } | { vpn-instance vpn-instance-name | public-net } } * secondary

hwtacacs-server ip-address

hwtacacs-server ip-address secondary

hwtacacs-server ip-address port

hwtacacs-server ip-address port secondary

hwtacacs-server ipv6-address { mux-mode | shared-key { key-string | cipher key-string } | vpn-instance vpn-instance-name } *

hwtacacs-server ipv6-address { mux-mode | shared-key { key-string | cipher key-string } | vpn-instance vpn-instance-name } * secondary

hwtacacs-server ipv6-address port { mux-mode | shared-key { key-string | cipher key-string } | vpn-instance vpn-instance-name } *

hwtacacs-server ipv6-address port { mux-mode | shared-key { key-string | cipher key-string } | vpn-instance vpn-instance-name } * secondary

hwtacacs-server ipv6-address

hwtacacs-server ipv6-address secondary

hwtacacs-server ipv6-address port

hwtacacs-server ipv6-address port secondary

undo hwtacacs-server ip-address [ { { vpn-instance vpn-instance-name | public-net } | mux-mode } * ]

undo hwtacacs-server ip-address [ { { vpn-instance vpn-instance-name | public-net } | mux-mode } * ] secondary

undo hwtacacs-server ip-address port [ { { vpn-instance vpn-instance-name | public-net } | mux-mode } * ]

undo hwtacacs-server ip-address port [ { { vpn-instance vpn-instance-name | public-net } | mux-mode } * ] secondary

undo hwtacacs-server

undo hwtacacs-server ipv6-address [ { mux-mode | vpn-instance vpn-instance-name } * ]

undo hwtacacs-server ipv6-address [ { mux-mode | vpn-instance vpn-instance-name } * ] secondary

undo hwtacacs-server ipv6-address port [ { mux-mode | vpn-instance vpn-instance-name } * ]

undo hwtacacs-server ipv6-address port [ { mux-mode | vpn-instance vpn-instance-name } * ] secondary

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Specifies the IP address of a server. | The value is in dotted decimal notation and must be a valid unicast address. |
| mux-mode | Sets the multiplexing mode for the HWTACACS server. When mux-mode is not specified, the channel between the HWTACACS server and the local AAA server is closed after a session is complete and does not go Up until another session request is received. When mux-mode is specified, the channel between the HWTACACS server and the local AAA server remains Up if the interval between two sessions is shorter than the configured value. Therefore, if sessions are established frequently, specifying mux-mode can improve file transmission efficiency. | - |
| shared-key | Specifies the shared key. | - |
| key-string | Specifies the shared key in encrypted or plain text. A new password must be at least eight characters long and contain at least two of the following types: upper-case letters, lower-case letters, digits, and special characters. | The value is a string of case-sensitive characters that can be letters or digits, excluding the question mark (?) and space. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. When quotation marks (") are used around the password, spaces are allowed in the password. |
| cipher key-string | Specifies the shared key in encrypted or plain text; the configured text is displayed as encrypted text. A new password must be at least eight characters long and contain at least two of the following types: upper-case letters, lower-case letters, digits, and special characters. | The value is a string of case-sensitive characters that can be letters or digits, excluding the question mark (?) and space. The password can be a string of 1 to 255 characters in plain text or a string of 20 to 432 characters in encrypted text. When quotation marks (") are used around the password, spaces are allowed in the password. |
| vpn-instance vpn-instance-name | Specifies the VPN instance name. If the parameter vpn-instance is specified, the server is mapped to a VPN instance. If vpn-instance-name does not exist, the configuration is invalid. | The value is a string of 1 to 31 case-sensitive characters without spaces. The VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| public-net | Indicates that the HWTACACS server on the public network is connected. | - |
| secondary | Sets the secondary HWTACACS server for the template. If this parameter is not specified, the server is the primary server. | - |
| port | Specifies the port number of a server. | The value is an integer ranging from 1 to 65535. By default, the value is 49. |
| ipv6-address | Specifies the IPv6 address of the server. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |

Views

HWTACACS server template view

Default Level

3: Management level

Task Name and Operations

| Task Name | Operations |
| --- | --- |
| hwtacacs | write |

Usage Guidelines

Usage Scenario

To configure the AAA servers in an HWTACACS server template, you must separately configure the IP addresses and VPN instances for the servers. Even if the AAA servers share the same IP address and VPN instance, the configuration has to be repeated three times. To simplify operations, configure a common server.

Precautions

The priority of the common server is higher than that of the AAA servers. When the common server is configured as the primary server, the configurations on the AAA servers do not take effect.

The IP addresses of the primary and the secondary servers must be different; otherwise, the server configuration fails.

Example

# Configure a common server with the IP address 192.168.0.1 in the HWTACACS server template named temp1.
<HUAWEI> system-view
[~HUAWEI] hwtacacs-server template temp1
[*HUAWEI-hwtacacs-temp1] hwtacacs-server 192.168.0.1
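
The following Python check is an added example, not part of the original reference or of any Huawei tooling. It parses planned hwtacacs-server commands according to the Format section and flags violations of the rules stated on this page: port range, shared-key length and complexity, vpn-instance naming, and distinct primary and secondary IP addresses. It assumes that keys in the change script are plain text; the function names and the sample addresses and keys are constructed for illustration.

```python
import ipaddress
import re
import shlex

def key_ok(key):
    """Page rule for a new plain-text key: 8-255 chars, 2+ character types, no '?'."""
    kinds = sum(bool(re.search(c, key)) for c in ("[A-Z]", "[a-z]", "[0-9]", "[^A-Za-z0-9]"))
    return 8 <= len(key) <= 255 and kinds >= 2 and "?" not in key

def parse(line):  # one planned hwtacacs-server command, per the Format section
    tok = shlex.split(line)  # a "quoted key with spaces" stays one token
    srv = {"ip": ipaddress.ip_address(tok[1]), "port": 49, "key": None,
           "vpn": None, "secondary": False}
    rest = tok[2:]
    if rest and rest[0].isdigit():
        srv["port"] = int(rest.pop(0))
    while rest:
        word = rest.pop(0)
        if word == "shared-key":
            rest = rest[1:] if rest[0] == "cipher" else rest
            srv["key"] = rest.pop(0)
        elif word == "vpn-instance":
            srv["vpn"] = rest.pop(0)
        elif word == "secondary":
            srv["secondary"] = True
        elif word not in ("mux-mode", "public-net"):
            raise ValueError(f"unexpected keyword: {word}")
    return srv

def lint(lines):  # returns findings for the rules stated on this page
    servers = [parse(ln) for ln in lines
               if ln.startswith("hwtacacs-server ") and " template " not in ln]
    out = []
    for s in servers:
        if not 1 <= s["port"] <= 65535:
            out.append(f"{s['ip']}: port {s['port']} out of range")
        if s["key"] is not None and not key_ok(s["key"]):  # assumes plain-text key
            out.append(f"{s['ip']}: shared key fails length/complexity rule")
        if s["vpn"] is not None and (s["vpn"] == "_public_" or len(s["vpn"]) > 31):
            out.append(f"{s['ip']}: invalid vpn-instance name")
    primary = {s["ip"] for s in servers if not s["secondary"]}
    out += [f"{s['ip']}: secondary uses the primary's IP address"
            for s in servers if s["secondary"] and s["ip"] in primary]
    return out

SAMPLE = [  # constructed change script; addresses and keys are made up
    'hwtacacs-server 192.168.0.1 shared-key cipher "Tacacs Key 2024"',
    "hwtacacs-server 192.168.0.1 49 shared-key cipher weakkey secondary",
    "hwtacacs-server 192.168.0.3 70000 vpn-instance _public_ secondary",
]
```

Calling lint(SAMPLE) returns four findings: the weak key and the reused primary address on the second command, and the out-of-range port and reserved VPN instance name on the third.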
Copyright © Huawei Technologies Co., Ltd.