Specifying the HWTACACS authorization servers

About HWTACACS authorization servers

You can specify one primary authorization server and a maximum of 16 secondary authorization servers for an HWTACACS scheme. When the primary server is not available, the device searches for the secondary servers in the order they are configured. The first secondary server in active state is used for communication.

Restrictions and guidelines

If redundancy is not required, specify only the primary server.

An HWTACACS server can function as the primary authorization server of one scheme and as the secondary authorization server of another scheme at the same time.

Two HWTACACS authorization servers in a scheme, primary or secondary, cannot have the same combination of VPN instance, host name, IP address, and port number.

Procedure

  1. Enter system view.

    system-view

  2. Enter HWTACACS scheme view.

    hwtacacs scheme hwtacacs-scheme-name

  3. Specify the primary HWTACACS authorization server.

    primary authorization { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *

    By default, no primary HWTACACS authorization server is specified.

  4. (Optional.) Specify a secondary HWTACACS authorization server.

    secondary authorization { host-name | ipv4-address | ipv6 ipv6-address } [ port-number | key { cipher | simple } string | single-connection | vpn-instance vpn-instance-name ] *

    By default, no secondary HWTACACS authorization servers are specified.