Configuring tacacs authorization servers – H3C Technologies H3C S3600 Series Switches User Manual

2-24

To do…

Use the command…

Remarks

Set the IP address and port
number of the primary
TACACS authentication server

primary authentication
ip-address [ port ]

Required

By default, the IP address of
the primary authentication
server is 0.0.0.0, and the port
number is 0.

Set the IP address and port
number of the secondary
TACACS authentication server

secondary authentication
ip-address [ port ]

Optional

By default, the IP address of
the secondary authentication
server is 0.0.0.0, and the port
number is 0.

z

You are not allowed to configure the same IP address for both primary and secondary

authentication servers. If you do this, the system will prompt that the configuration fails.

z

You can remove an authentication server setting only when there is no active TCP connection that

is sending authentication messages to the server.

Configuring TACACS Authorization Servers

Follow these steps to configure TACACS authorization servers:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a HWTACACS scheme
and enter its view

hwtacacs scheme
hwtacacs-scheme-name

Required

By default, no HWTACACS
scheme exists.

Set the IP address and port
number of the primary
TACACS authorization server

primary authorization
ip-address [ port ]

Required

By default, the IP address of
the primary authorization
server is 0.0.0.0, and the port
number is 0.

Set the IP address and port
number of the secondary
TACACS authorization server

secondary authorization
ip-address [ port ]

Optional

By default, the IP address of
the secondary authorization
server is 0.0.0.0, and the port
number is 0.