For security purposes, all shared keys, including shared keys configured in plain text, are saved in
ciphertext.
Examples
# Specify a secondary accounting server with IP address 10.163.155.12, TCP port number 49, and
plaintext shared key abc for HWTACACS scheme hwt1.
<Sysname> system-view
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] secondary accounting 10.163.155.12 49 key simple abc
Related commands
display hwtacacs scheme
•
key (HWTACACS scheme view)
•
primary accounting (HWTACACS scheme view)
•
vpn-instance (HWTACACS scheme view)
•
secondary authentication (HWTACACS scheme view)
Use secondary authentication to specify a secondary HWTACACS authentication server.
Use undo secondary authentication to remove a secondary HWTACACS authentication server.
Syntax
secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number I key { cipher | simple }
string | vpn-instance vpn-instance-name ] *
undo secondary authentication [ { ipv4-address | ipv6 ipv6-address } [ port-number | vpn-instance
vpn-instance-name ]* ]
Default
No secondary HWTACACS authentication server is specified.
Views
HWTACACS scheme view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IPv4 address of the secondary HWTACACS authentication server.
ipv6 ipv6-address: Specifies the IPv6 address of the secondary HWTACACS authentication server.
port-number: Specifies the service port number of the secondary HWTACACS authentication server, a
TCP port number in the range of 1 to 65535. The default setting is 49.
key { cipher | simple } string: Sets the shared key for secure communication with the secondary
HWTACACS authentication server.
cipher string: Sets a ciphertext shared key. The string argument is case sensitive.
•
In non-FIPS mode, the key is a string of 1 to 373 characters.
In FIPS mode, the key is a string of 15 to 373 characters.
simple string: Sets a plaintext shared key. The string argument is case sensitive.
•
68