3 configuring hwtacacs authorization servers, 3 configuring hwtacacs authorization servers -35, Configuring – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – AAA – RADIUS – HWTACACS

H3C S3100-52P Ethernet Switch

Chapter 1 AAA & RADIUS & HWTACACS

Configuration

1-35

Caution:

z

You are not allowed to configure the same IP address for both primary and
secondary authentication servers. If you do this, the system will prompt that the
configuration fails.

z

You can remove an authentication server setting only when there is no active TCP
connection that is sending authentication messages to the server.

1.5.3 Configuring HWTACACS Authorization Servers

Table 1-26

Configure TACACS authorization servers

Operation

Command

Description

Enter system view

system-view

—

Create a HWTACACS

scheme and enter its view

hwtacacs scheme

hwtacacs-scheme-name

Required
By default, no

HWTACACS scheme

exists.

Set the IP address and

port number of the

primary TACACS

authorization server

primary authorization

ip-address

[ port ]

Required
By default, the IP address

of the primary

authorization server is

0.0.0.0, and the port

number is 0.

Set the IP address and

port number of the

secondary TACACS

authorization server

secondary authorization

ip-address

[ port ]

Required
By default, the IP address

of the secondary

authorization server is

0.0.0.0, and the port

number is 0.

Caution:

z

You are not allowed to configure the same IP address for both primary and
secondary authorization servers. If you do this, the system will prompt that the
configuration fails.

z

You can remove a server only when it is not used by any active TCP connection for
sending authorization messages.