secondary authentication (HWTACACS scheme view)
Syntax
secondary authentication ip-address [ port-number | key [ cipher | simple ] key ] *
undo secondary authentication [ ip-address ]
View
HWTACACS scheme view
Default level
2: System level
Parameters
ip-address: IP address of the secondary HWTACACS authentication server, in dotted decimal notation. The default setting is 0.0.0.0.
port-number: Service port number of the secondary HWTACACS authentication server. It ranges from 1 to 65535 and defaults to 49.
key { cipher | simple } key: Sets the shared key for secure communication with the secondary HWTACACS authentication server.
cipher key: Sets a ciphertext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 373 characters.
In FIPS mode, the key is a string of 8 to 373 characters.
simple key: Sets a plaintext shared key. The key argument is case sensitive.
In non-FIPS mode, the key is a string of 1 to 255 characters.
In FIPS mode, the key is a string of 8 to 255 characters. The string must contain digits, uppercase letters, lowercase letters, and special characters.
If you specify neither cipher nor simple, the command sets a plaintext shared key.
Description
Use secondary authentication to specify the secondary HWTACACS authentication server.
Use undo secondary authentication to remove the configuration.
By default, no secondary HWTACACS authentication server is specified.
The IP addresses of the primary and secondary authentication servers must be different. Otherwise, the configuration fails.
If you configure the command repeatedly, only the last configuration takes effect.
You can remove an authentication server only when it is not used by any active TCP connection to send authentication packets is using it. Removing an authentication server affects only authentication processes that occur after the remove operation.
Related commands: display hwtacacs.
Examples
# Specify the IP address and port number of the secondary authentication server for HWTACACS scheme hwt1 as 10.163.155.13 with TCP port number 49.
<Sysname> system-view [Sysname] hwtacacs scheme hwt1 [Sysname-hwtacacs-hwt1] secondary authentication 10.163.155.13 49