Specifying the HWTACACS authentication servers

About HWTACACS authentication servers

You can specify one primary authentication server and a maximum of 16 secondary authentication servers for an HWTACACS scheme. When the primary server is unreachable, the device searches for the secondary servers in the order they are configured. The first secondary server in active state is used for communication.

Restrictions and guidelines

If redundancy is not required, specify only the primary server.

An HWTACACS server can function as the primary authentication server in one scheme and as the secondary authentication server in another scheme at the same time.

Two HWTACACS authentication servers in a scheme, primary or secondary, cannot have the same combination of VPN instance, host name, IP address, and port number.

Procedure

  1. Enter system view.

    system-view

  2. Enter HWTACACS scheme view.

    hwtacacs scheme hwtacacs-scheme-name

  3. Specify the primary HWTACACS authentication server.

    primary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *

    By default, no primary HWTACACS authentication server is specified.

  4. (Optional.) Specify a secondary HWTACACS authentication server.

    secondary authentication { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *

    By default, no secondary HWTACACS authentication servers are specified.