beautypg.com

Specifying the hwtacacs authentication servers, Specifying the hwtacacs authorization servers – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 51

background image

37

Specifying the HWTACACS authentication servers

You can specify one primary authentication server and one secondary authentication server for an

HWTACACS scheme so that the NAS can find a server for user authentication when using the scheme.
When the primary server is not available, the secondary server is used, if any. In a scenario where

redundancy is not required, specify only the primary server.
To specify HWTACACS authentication servers for an HWTACACS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme
hwtacacs-scheme-name

N/A

3.

Specify HWTACACS
authentication servers.

Specify the primary HWTACACS
authentication server:

primary authentication ip-address

[ port-number ] *

Specify the secondary HWTACACS

authentication server:

secondary authentication ip-address
[ port-number ] *

Configure at least one
command.
No authentication server is

specified by default.

NOTE:

An HWTACACS server can function as the primary authentication server of one scheme and as the
secondary authentication server of another scheme at the same time.

The IP addresses of the primary and secondary authentication servers cannot be the same. Otherwise,
the configuration fails.

You can remove an authentication server only when no active TCP connection for sending authentication
packets is using it.

Specifying the HWTACACS authorization servers

You can specify one primary authorization server and one secondary authorization server for an
HWTACACS scheme so that the NAS can find a server for user authorization when using the scheme.

When the primary server is not available, the secondary server is used, if any. In a scenario where

redundancy is not required, specify only the primary server.
To specify HWTACACS authorization servers for an HWTACACS scheme:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter HWTACACS scheme
view.

hwtacacs scheme hwtacacs-scheme-name N/A

3.

Specify HWTACACS
authorization servers.

Specify the primary HWTACACS

authorization server:
primary authorization ip-address

[ port-number ] *

Specify the secondary HWTACACS

authorization server:

secondary authorization ip-address

[ port-number ] *

Configure at least one
command.
No authorization server is

specified by default.