primary authentication (HWTACACS scheme view)
Syntax
primary authentication ip-address [ port-number | key [ cipher | simple ] key ] *
undo primary authentication
View
HWTACACS scheme view
Default level
2: System level
Parameters
ip-address: Specifies the IP address of the primary HWTACACS authentication server, in dotted decimal notation. The default setting is 0.0.0.0.
port-number: Specifies the service port number of the primary HWTACACS authentication server. It ranges from 1 to 65535 and defaults to 49.
key [ cipher | simple ] key: Sets the shared key for secure communication with the primary HWTACACS authentication server.
cipher key: Sets a ciphertext shared key, which is a case-sensitive ciphertext string of 1 to 373 characters in non-FIPS mode and 8 to 373 characters in FIPS mode.
simple key: Sets a plaintext shared key, which is a case-sensitive string of 1 to 255 characters in non-FIPS mode and 8 to 255 characters that must include numbers, uppercase letters, lowercase letters, and special characters in FIPS mode.
If neither cipher nor simple is specified, you set a plaintext shared key string.
Description
Use primary authentication to specify the primary HWTACACS authentication server.
Use undo primary authentication to remove the configuration.
By default, no primary HWTACACS authentication server is specified.
The IP addresses of the primary and secondary authentication servers must be different. Otherwise, the configuration fails.
Make sure the port number and shared key settings of the primary HWTACACS authentication server are the same as those configured on the server.
The shared key configured by using this command takes precedence over the shared key configured by using the key authentication [ cipher | simple ] key command. For secrecy, all shared keys, including shared keys configured in plain text, are saved in cipher text.
If you execute the command multiple times, the most recent configuration takes effect.
You can remove an authentication server only when it is not used by any active TCP connection to send authentication packets. Removing an authentication server affects only authentication processes that occur after the remove operation.
Related commands: display hwtacacs.
Examples
# Specify the IP address and port number of the primary authentication server for HWTACACS scheme hwt1 as 10.163.155.13 and 49.
<Sysname> system-view [Sysname] hwtacacs scheme hwt1 [Sysname-hwtacacs-hwt1] primary authentication 10.163.155.13 49