secondary authentication (HWTACACS scheme view)

Syntax

secondary authentication ip-address [ port-number | key [ cipher | simple ] key ] *

undo secondary authentication [ ip-address ]

View

HWTACACS scheme view

Default level

2: System level

Parameters

ip-address: IP address of the secondary HWTACACS authentication server, in dotted decimal notation. The default setting is 0.0.0.0.

port-number: Service port number of the secondary HWTACACS authentication server. It ranges from 1 to 65535 and defaults to 49.

key { cipher | simple } key: Sets the shared key for secure communication with the secondary HWTACACS authentication server.

Description

Use secondary authentication to specify the secondary HWTACACS authentication server.

Use undo secondary authentication to remove the configuration.

By default, no secondary HWTACACS authentication server is specified.

The IP addresses of the primary and secondary authentication servers must be different. Otherwise, the configuration fails.

If you configure the command repeatedly, only the last configuration takes effect.

You can remove an authentication server only when it is not used by any active TCP connection to send authentication packets is using it. Removing an authentication server affects only authentication processes that occur after the remove operation.

Related commands: display hwtacacs.

Examples

# Specify the IP address and port number of the secondary authentication server for HWTACACS scheme hwt1 as 10.163.155.13 with TCP port number 49.

<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49