primary authorization
Syntax
primary authorization ip-address [ port-number | key [ cipher | simple ] key ] *
undo primary authorization
View
HWTACACS scheme view
Default level
2: System level
Parameters
ip-address: IP address of the primary HWTACACS authorization server, in dotted decimal notation. The default setting is 0.0.0.0.
port-number: Service port number of the primary HWTACACS authorization server. It ranges from 1 to 65535 and defaults to 49.
key { cipher | simple } key: Sets the shared key for secure communication with the primary HWTACACS authorization server.
cipher key: Sets a ciphertext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 373 characters.
In FIPS mode, the key is a string of 8 to 373 characters.
simple key: Sets a plaintext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 255 characters.
In FIPS mode, the key is a string of 8 to 255 characters. The string must contain digits, uppercase letters, lowercase letters, and special characters.
If you specify neither cipher nor simple, the command sets a plaintext shared key.
Description
Use primary authorization to specify the primary HWTACACS authorization server.
Use undo primary authorization to remove the configuration.
By default, no primary HWTACACS authorization server is specified.
The IP addresses of the primary and secondary authorization servers must be different. Otherwise, the configuration fails.
If you configure the command repeatedly, only the last configuration takes effect.
You can remove an authorization server only when it is not used by any active TCP connection to send authorization packets. Removing an authorization server affects only authorization processes that occur after the remove operation.
Related commands: display hwtacacs.
Examples
# Configure the IP address and port number of the primary authorization server for HWTACACS scheme hwt1 as 10.163.155.13 and 49.
<Sysname> system-view [Sysname] hwtacacs scheme hwt1 [Sysname-hwtacacs-hwt1] primary authorization 10.163.155.13 49